• Get involved.
    We want your input!
    Apply for Membership and join the conversations about everything related to broadcasting.

    After we receive your registration, a moderator will review it. After your registration is approved, you will be permitted to post.
    If you use a disposable or false email address, your registration will be rejected.

    After your membership is approved, please take a minute to tell us a little bit about yourself.
    https://www.radiodiscussions.com/forums/introduce-yourself.1088/

    Thanks in advance and have fun!
    RadioDiscussions Administrators

More on the topic of wide open Wi-Fi Networks

JerryStevens

JerryStevens

Recently there was a discussion here about a guy arrested in Florida for parking in front of a guy's house with his laptop for the purpose of stealing access to his Wi-Fi.

Another article about stealing Wi-Fi got my attention because of this quote: ""I haven't paid for Internet since I've been in New York City," said one friend of this reporter. "Ditto," chimed in another.

I noticed it because on a recent trip to New York, I sat down at a Starbucks to log on to T-Mobile and saw I was picking up several wide open Wi-Fi networks no doubt coming from nearby apartments and/or businesses.

I wonder how many people decide to just use one of those instead of paying T-Mobile. In big cities like New York, Wi-Fi theft must be very common indeed.

Yes, there are a lot of careless or ignorant people but as the article points out, some of these may be open intentionally: "There is also the possibility that someone could have set up the unsecured connection as a trap. Experts say it's possible for the network subscriber to gain at least partial access to your computer, read your e-mails and see the pages you visit if you are using their connection. Any personal information you send online could then be compromised."<P ID="signature">______________
Jerry

"Everyone is entitled to his own opinion, but not his own facts" - late Senator Daniel Patrick Moynihan</P>
 
> I noticed it because on a recent trip to New York, I sat
> down at a Starbucks to log on to T-Mobile and saw I was
> picking up several wide open Wi-Fi networks no doubt coming
> from nearby apartments and/or businesses.
>
> I wonder how many people decide to just use one of those
> instead of paying T-Mobile. In big cities like New York,
> Wi-Fi theft must be very common indeed.

Theft is the wrong word. We don't know what it is yet, because there's little or no law on the subject. Normally theft (as we know it) is larceny, defined as "taking of almost anything of value without the consent of the owner, with the intent to permanently deprive him or her of the value of the property taken."

Now, again there is no law on this. But I would make the argument that if you're setting up a wireless internet connection, and you don't take affirmative steps to seal it, knowing full well the fact that wireless waves travel in the air (the reason you bought the thing), that you are consenting to the receipt of those wireless waves by those who have wireless cards.

Wireless waves are radio waves--we can't stop them, and no one owns them when they are in the air. The onus is on the wireless connection subscriber to take the necessary steps to prevent signal bleed (i.e., encryption).
 
> Yes, there are a lot of careless or ignorant people but as
> the article points out, some of these may be open
> intentionally: "There is also the possibility that someone
> could have set up the unsecured connection as a trap.
> Experts say it's possible for the network subscriber to gain
> at least partial access to your computer, read your e-mails
> and see the pages you visit if you are using their
> connection. Any personal information you send online could
> then be compromised."

Thats why you allways make sure to NEVER do important things on an unsecured WiFi. Again, there are so manny things you can do to secure your WiFi - WEP, MAC filtering, or simply turn off "Broadcast SSID" and make sure that you change the ID, cause 'default', 'wireless' and 'liksys' are the default names of the majority of WiFi AP's/routers.

If you are worried about wireless security and are ignorant, you have 2 options: read the manual, or buy a wired router & a switch and run CAT5 throughout the house. BTW, if you live in an apartment/townhouse, you can turn off one antenna to make sure that the signal is weak outside of the apt/town house.

if anyone has any questions about wireless network security (IE, your scared the geek next door is downloading warez on your connection & the feds are on your tail), email me at doowop(dot)guy(at)gmail.com. Allways glad to help.
<P ID="signature">______________

AOL IM: wnjoldies or jamminoldies105
CBS-FM lives at http://67.83.117.32:8010
Oldies Board co-moderator</P>
 
> > I noticed it because on a recent trip to New York, I sat
> > down at a Starbucks to log on to T-Mobile and saw I was
> > picking up several wide open Wi-Fi networks no doubt coming
> > from nearby apartments and/or businesses.
> >
> > I wonder how many people decide to just use one of those
> > instead of paying T-Mobile. In big cities like New York,
> > Wi-Fi theft must be very common indeed.
>
> Theft is the wrong word. We don't know what it is yet,
> because there's little or no law on the subject. Normally
> theft (as we know it) is larceny, defined as "taking of
> almost anything of value without the consent of the owner,
> with the intent to permanently deprive him or her of the
> value of the property taken."

It's not the subscriber who's being robbed. He/she pays a flat rate regardless of how much data they upload or download. It's the ISP, who is capable of sending "x" number of kilobytes per second of data over their network. The ISP sells that data flow (which is technically not "bandwidth" but that's the common term) to their customers only. Anyone else who intercepts that data from the customer's network is considered stealing from the ISP since those kilobytes could potentially be going to a paying customer.

At least that's the interpretation I'm hearing.

> Now, again there is no law on this. But I would make the
> argument that if you're setting up a wireless internet
> connection, and you don't take affirmative steps to seal it,
> knowing full well the fact that wireless waves travel in the
> air (the reason you bought the thing), that you are
> consenting to the receipt of those wireless waves by those
> who have wireless cards.

I believe some states and localities do have laws against this. The FCC does not have any jurisdiction (yet) since Part 15 communications devices (like consumer WiFi or garage-door openers) have no protection of any kind.

> Wireless waves are radio waves--we can't stop them, and no
> one owns them when they are in the air.

If someone wants to stream their own content over a WiFi system without being connected to an ISP, there's nothing stopping them. It's just another form of Part 15 radio station and it's 100% legal. But if the content (web page, streaming audio, or even email) is coming from someone else via ISP, that person/company owns the content and the ISP owns the transmission conduit, and it's being retransmitted without permission.

> The onus is on the
> wireless connection subscriber to take the necessary steps
> to prevent signal bleed (i.e., encryption).

Absolutely true, and maybe it's about time the general public was educated on how to secure their home networks. Maybe ISPs should start cutting off service to unsecured wireless networks.
 
"Theft is the wrong word."

Perhaps not technically correct legal terminology but not conversationally wrong any more than the common term "identity theft" is wrong.

"We don't know what it is yet, because there's little or no law on the subject. "

Really? (He said said cautiouslly noting that your profile says your occupation is "law/radio historian". Does that mean you are a lawyer and in radio or you are a historian who specializes in the history of law and of radio?)

The story I linked to says the following: "The arresting officer wasn't initially sure a violation took place," said George Kajtsa of the St. Petersburg Police Department. "He consulted our legal staff and they looked up the relevant statute."

The charge, <font color=red>unauthorized access to a computer network</font>, applies to all varieties of computer network breaches, and gives prosecutors considerable leeway depending on the severity. It carries a potential sentence ranging from probation to 5 years in prison."

Now I know that you can't believe everything you read online but CNN is somewhat credible isn't it?

"Now, again there is no law on this. But I would make the argument that if you're setting up a wireless internet connection, and you don't take affirmative steps to seal it, knowing full well the fact that wireless waves travel in the air (the reason you bought the thing), that you are consenting to the receipt of those wireless waves by those who have wireless cards."

I would argue that your argument is the same as a thief who says that since your car is unlocked, knowing full well that anyone can walk by, it wasn't really theft when he merely pushed the handle and entered it.

Also, I could make the same argument with regard to <u>wired</u> access. i.e. If you don't set up a firewall, you can't blame me for accessing your pc:

You set up a wired internet connection, and don't take affirmative steps to seal it, knowing full well the fact that networks pulses travel over wires (the reason you bought the thing), that you are consenting to the receipt of those wired waves by those who have modems. All I did was change the word "wireless" to "wired".

Either CNN is full of it, or the point is moot as it has already been ruled illegal.<P ID="signature">______________
Jerry

"Everyone is entitled to his own opinion, but not his own facts" - late Senator Daniel Patrick Moynihan</P>
 
"It's not the subscriber who's being robbed. He/she pays a flat rate regardless of how much data they upload or download. It's the ISP, who is capable of sending "x" number of kilobytes per second of data over their network. The ISP sells that data flow (which is technically not "bandwidth" but that's the common term) to their customers"

Accepting your point that bandwith is not technically correct, but common parlance when discussing this, the "thief" is slowing down your access by robbing you of "bandwith", is he not?<P ID="signature">______________
Jerry

"Everyone is entitled to his own opinion, but not his own facts" - late Senator Daniel Patrick Moynihan</P>
 
"If you are worried about wireless security and are ignorant, you have 2 options: read the manual, or buy a wired router & a switch and run CAT5 throughout the house. BTW, if you live in an apartment/townhouse, you can turn off one antenna to make sure that the signal is weak outside of the apt/town house."

I wrote about this only because I find it interesting. I am not excessively concerned about my own vulnerability. I'm no expert on computer networks but neither am I entirely ignorant. Paranoid maybe.

I only use WiFi when I'm on the road and my laptop has no critical information on it. When I'm at home, I have a wired router for all of our pc's, well-firewalled. Even so, I have one pc with my most sensitive information that is not on the network.<P ID="signature">______________
Jerry

"Everyone is entitled to his own opinion, but not his own facts" - late Senator Daniel Patrick Moynihan</P>
 
> The charge, unauthorized access to a computer network,
> applies to all varieties of computer network breaches, and
> gives prosecutors considerable leeway depending on the
> severity. It carries a potential sentence ranging from
> probation to 5 years in prison."

Define 'unauthorized'. Unless there was a WEP and/or MAC filtering, andbody with a wifi card has the authority to connect to the network by the paramaters for a authroized user in the routers config.

Now, if he was sitting in his truck packet sniffing to figure out the WEP and a authorized MAC address, then nail him to the wall. If the moron who set it up didnt use MAC filtering or a WEP, then READ THE MANUAL!<P ID="signature">______________

AOL IM: wnjoldies or jamminoldies105
CBS-FM lives at http://67.83.117.32:8010
Oldies Board co-moderator</P>
 
"Define 'unauthorized'."

Okay. 1) made without actual, implied or apparent authority.
2) not endowed with authority without official authorization; "an
unauthorized strike."

I'm not arguing in favor of these laws, merely pointing out that contrary to what people think, they exist. It's counterintuitive. It is <u>highly</u> unlikely that a prosecutor would choose to go after somone sitting in his living room feeding off the unprotected signal of their neighbor, but neither is it impossible. (The guy in Florida repeatedly parked outside his neighbor's house.)

What makes it interesting is that people assume that because it travels through the air, it can't possibly be illegal.

It's similar to why so many people who download songs illegally just can't accept that it IS illegal. It's not tangible. They didn't steal anyone's CD, they just pushed a few keyboard keys.<P ID="signature">______________
Jerry

"Everyone is entitled to his own opinion, but not his own facts" - late Senator Daniel Patrick Moynihan</P>
 
Everything you send over the network can be stolen...regardless of if you're even associated to a particular AP. Yes, even your SSL web sessions (with enough resources).

The easiest thing to do is to grab session hashes from the HTTP headers...completely bypasses those pesky encrypted passwords.
<P ID="signature">______________
</P>
 
> I wrote about this only because I find it interesting. I am
> not excessively concerned about my own vulnerability. I'm no
> expert on computer networks but neither am I entirely
> ignorant. Paranoid maybe.

When it comes to the status of some of the wi-fi networks' security...a little
paranoia is just fine. I won't rehash some of the earlier posts about some of the steps one can take. One tip that hasn't been mentioned is to make sure you have removed file sharing from your TCP/IP settings -- and if you have a software firewall installed, please use it when using wifi networks at hotels and other public places. None of the solutions are ultimate but at least implement what protections you can.

> I only use WiFi when I'm on the road and my laptop has no
> critical information on it. When I'm at home, I have a wired
> router for all of our pc's, well-firewalled. Even so, I have
> one pc with my most sensitive information that is not on the
> network.

I have a combo of a wired and wireless network but I use a package I mentioned before Lucid Link (free version available at lucidlink.com for 3 home users) to attempt to secure my connection. There are many other ways to protect your wireless connection but if you use a well known brand of wireless router, Lucid link can automatically configure settings for your router. I, like Jerry, do not have my personal or sensitve data available on my network.
>
 
Thanks for the comforting words. I feel so much better now!

> Everything you send over the network can be
> stolen...regardless of if you're even associated to a
> particular AP. Yes, even your SSL web sessions (with enough
> resources).
>
> The easiest thing to do is to grab session hashes from the
> HTTP headers...completely bypasses those pesky encrypted
> passwords.
> <P ID="signature">______________
Jerry

"Everyone is entitled to his own opinion, but not his own facts" - late Senator Daniel Patrick Moynihan</P>
 
> "It's not the subscriber who's being robbed. He/she pays a
> flat rate regardless of how much data they upload or
> download. It's the ISP, who is capable of sending "x"
> number of kilobytes per second of data over their network.
> The ISP sells that data flow (which is technically not
> "bandwidth" but that's the common term) to their customers"
>
> Accepting your point that bandwith is not technically
> correct, but common parlance when discussing this, the
> "thief" is slowing down your access by robbing you of
> "bandwith", is he not?

Depends. If the connection to the ISP is broadband (T1 speed or faster) then there the connection is probably capable of multiple PCs without any noticeable degradation of performance. If the connection is dial-up, then that already-slow 56 kbps (or less) is split between those same PCs and the performance would be degraded.

What might be illegal is connections to the ISP's service outside an area that is owned/rented by the ISP's customer. I can use as many PCs on my home network as I want, but I only have one IP address, which is connected to my router/firewall. All PCs connected to my LAN, and hence to the internet, are under my control. My girlfriend and myself, as the only residents of this apartment, are the only ones authorized to use my ISP connection since we pay the bill.

The murky area is if I was to open up my LAN to other people physically outside my residence. If I installed an Ethernet connection outside (I don't have wireless) and let my neighbor connect his PC to it via my LAN, it would be illegal since my neighbor is a potential customer of the ISP. This is akin to my neighbor running his TV off my power lines if he didn't have electricity for some reason. The power company would take exception to that. But if I invite him into my home and let him use my PC and my internet connection or watch TV in my living room, then it would be perfectly OK.

The question is whether the connection to a home network (wired or wireless) is within an area that is controlled by the person paying for the connection. Wardrivers, by definition, are not within that area. Guests in the customer's home or backyard are.
 
> "Theft is the wrong word."
>
> Perhaps not technically correct legal terminology but not
> conversationally wrong any more than the common term
> "identity theft" is wrong.

But "identity theft" has been recognized as the appropriate term; numerous laws have been titled "act to prevent identity theft".

> "We don't know what it is yet, because there's little or no
> law on the subject. "
>
> Really? (He said said cautiouslly noting that your profile
> says your occupation is "law/radio historian". Does that
> mean you are a lawyer and in radio or you are a historian
> who specializes in the history of law and of radio?)

Graduated from law school, took the bar exam, awaiting results. But the computer law arena (and wireless internet) is still fairly uncharted.

> The story I linked to says the following: "The arresting
> officer wasn't initially sure a violation took place," said
> George Kajtsa of the St. Petersburg Police Department. "He
> consulted our legal staff and they looked up the relevant
> statute."
>
> The charge, unauthorized access to a computer network,
> applies to all varieties of computer network breaches, and
> gives prosecutors considerable leeway depending on the
> severity. It carries a potential sentence ranging from
> probation to 5 years in prison."
>
> Now I know that you can't believe everything you read online
> but CNN is somewhat credible isn't it?

Not arguing there; CNN may be credible. I'm not arguing the facts of the story. I'm arguing that the law, especially since I see that they're calling this "unauthorized access to a computer network". If I was there, i;d take this case in a minute because it has so many holes and unknowns. A computer network? Come on, DA.

> "Now, again there is no law on this. But I would make the
> argument that if you're setting up a wireless internet
> connection, and you don't take affirmative steps to seal it,
> knowing full well the fact that wireless waves travel in the
> air (the reason you bought the thing), that you are
> consenting to the receipt of those wireless waves by those
> who have wireless cards."
>
> I would argue that your argument is the same as a thief who
> says that since your car is unlocked, knowing full well that
> anyone can walk by, it wasn't really theft when he merely
> pushed the handle and entered it.

But, the car's owner isn't broadcasting his car's contents in open air, nor is he making access available in open air. An affirmative act is needed to enter the car--intent to do all the following: lifting the handle, opening the door, taking the thing, etc. With a wireless connection, all you have to do is the innocent act of turning on your computer.

> Also, I could make the same argument with regard to wired
> access. i.e. If you don't set up a firewall, you can't blame
> me for accessing your pc:

Now you know as well as I that there's a big physical difference between wired and wireless connections.

> You set up a wired internet connection, and don't take
> affirmative steps to seal it, knowing full well the fact
> that networks pulses travel over wires (the reason you
> bought the thing), that you are consenting to the receipt of
> those wired waves by those who have modems. All I did was
> change the word "wireless" to "wired".

Ah, to connect to a wired network you need to access a CLOSED circuit, one that has defined entrance and exit points. Turning on your computer, then plugging in a cable, then connecting via modem--those are affirmative acts.

Wireless is already there--it's in the air, my no fault of your own. You can access cellular phone calls with a scanner--innocent reception of them is not illegal. Same with wireless internet connections--they are in the air. You, the connectee, cannot be held responsible for accessing it.

> Either CNN is full of it, or the point is moot as it has
> already been ruled illegal.

It's not CNN who's full of it; it's the DA in this jurisdiction who thinks he can charge someone with this. He's nuts.
 
Good discussion. You say the DA is nuts, and I say he will win. (Which does not prove he's not nuts but it will prove that if he is, he is in good company)

In fact, I'll bet the defense attorney plea bargains.

We'll see who's right.<P ID="signature">______________
Jerry

"Everyone is entitled to his own opinion, but not his own facts" - late Senator Daniel Patrick Moynihan</P>
 
> Ah, to connect to a wired network you need to access a
> CLOSED circuit, one that has defined entrance and exit
> points. Turning on your computer, then plugging in a cable,
> then connecting via modem--those are affirmative acts.

Booting up a PC with wireless gear installed is an affirmative act. Choosing to access a wireless network known to not be public is also an affirmative act.

> Wireless is already there--it's in the air, my no fault of
> your own. You can access cellular phone calls with a
> scanner--innocent reception of them is not illegal.

It most certainly is, and has been since the late '80s. Section 605 of the Communications Act specifies what communications cannot be listened to and/or divulged. You can listen to police & fire department communications legally but cannot divulge their content. You cannot listen to cellular communications at all.

> Same with wireless internet connections--they are in the air.
> You, the connectee, cannot be held responsible for accessing it.

Just because something is being transmitted over the air doesn't make it public. Technically, only transmissions by broadcasters and ham radio operators are considered 100% public.
 
> > Ah, to connect to a wired network you need to access a
> > CLOSED circuit, one that has defined entrance and exit
> > points. Turning on your computer, then plugging in a
> cable,
> > then connecting via modem--those are affirmative acts.
>
> Booting up a PC with wireless gear installed is an
> affirmative act. Choosing to access a wireless network
> known to not be public is also an affirmative act.

Booting up a computer, in and of itself--whether it has wireless gear or not--is not an illegal act and is wholly innocent conduct.

Your comment "known not to be public" is a key phrase--you, computer suer, have to intend to connect to a non-public network. With the waves traveling in the air and open connections available, John Q. Computer User may not know what is and what is not public. I'm not even sure the law knows what is or is not considered public for these purposes.

> > Wireless is already there--it's in the air, my no fault of
>
> > your own. You can access cellular phone calls with a
> > scanner--innocent reception of them is not illegal.
>
> It most certainly is, and has been since the late '80s.
> Section 605 of the Communications Act specifies what
> communications cannot be listened to and/or divulged. You
> can listen to police & fire department communications
> legally but cannot divulge their content. You cannot listen
> to cellular communications at all.

The statute, 47 USC 605, is specific in that it only punishes "willful" conduct--that is an actor must act with conscious disregard for a known legal duty or a known risk.

Further, the courts have recognized that the prohibition is the interception AND the publiocation or divulgence of the content.

I'm not sure if wireless internet communications would fall under this section--is it radio (I contend yes); or is it wire (because by cable or DSL phone line)? Interesting, unresolved question.

> > Same with wireless internet connections--they are in the
> air.
> > You, the connectee, cannot be held responsible for
> accessing it.
>
> Just because something is being transmitted over the air
> doesn't make it public. Technically, only transmissions by
> broadcasters and ham radio operators are considered 100%
> public.

But the waves are public--and an innocent act of connecting to a "public" (broad sense) radio communication is not punishable under Section 605.
 
> Booting up a computer, in and of itself--whether it has
> wireless gear or not--is not an illegal act and is wholly
> innocent conduct.

True enough, but we're talking about intent here. Connecting wireless equipment to your PC could be defined as intent to access a wireless network. Its up to the network owner to secure his system and the person with the wireless gear to be honest enough not to access someone else's network. Wardrivers are looking for open networks, public or private and should be considered malicious users.

> Your comment "known not to be public" is a key phrase--you,
> computer suer, have to intend to connect to a non-public
> network. With the waves traveling in the air and open
> connections available, John Q. Computer User may not know
> what is and what is not public. I'm not even sure the law
> knows what is or is not considered public for these
> purposes.

Anyone setting up a network had better know exactly what he's doing or hire someone to do it right. If anything, everyone should know their public IP address as determined by their ISP. That can be checked either by the command "ipconfig" in a Windows 2000 or XP command window or by using your router or cable modem's web admin program, depending on your setup.

Once you know your own IP address, it's safe to assume that any other address that your wireless setup can pick up is someone else's private network unless you know for a fact that it's public.

> > > Wireless is already there--it's in the air, my no fault of
> > > your own. You can access cellular phone calls with a
> > > scanner--innocent reception of them is not illegal.
> >
> > It most certainly is, and has been since the late '80s.
> > Section 605 of the Communications Act specifies what
> > communications cannot be listened to and/or divulged. You
>
> > can listen to police & fire department communications
> > legally but cannot divulge their content. You cannot listen
> > to cellular communications at all.
>
> The statute, 47 USC 605, is specific in that it only
> punishes "willful" conduct--that is an actor must act with
> conscious disregard for a known legal duty or a known risk.
>
> Further, the courts have recognized that the prohibition is
> the interception AND the publiocation or divulgence of the
> content.

The law was always pretty vague but it doesn't matter that much anymore as far as cellular communications are concerned. Intercepting analog cellular signals is probably a dead issue since most providers have gone digital. There are probably a few still around but they'll be gone in the next few years at most.

> I'm not sure if wireless internet communications would fall
> under this section--is it radio (I contend yes); or is it
> wire (because by cable or DSL phone line)? Interesting,
> unresolved question.

It is unresolved at this time as far as federal law is concerned, but I wouldn't risk it is some jurisdictions.

> > > Same with wireless internet connections--they are in the air.
> > > You, the connectee, cannot be held responsible for accessing it.
> >
> > Just because something is being transmitted over the air
> > doesn't make it public. Technically, only transmissions by
> > broadcasters and ham radio operators are considered 100% public.
>
> But the waves are public--and an innocent act of connecting
> to a "public" (broad sense) radio communication is not
> punishable under Section 605.

That's true, but wardrivers don't connect to wireless networks innocently. However, Part 15 devices specifically are offered no legal protection whatsoever.

The bottom line is that the network owner has to do his job and secure his system and make sure that only his PCs can connect to it. A PC is not a television and the internet is not Cable TV. If one wants to connect to the internet with a reasonable guarantee of security, he/she'd better learn what's required. That means becoming somewhat of an IT person, even in a limited sense. Read, read, and read some more.

Or don't use wireless. Better yet, stay off the internet completely if you don't know what you're doing. It is not a toy. It's not necessary to be an MCSE or Linux guru, but you have to learn something about networking if you're gonna set one up.
 
> The bottom line is that the network owner has to do his job
> and secure his system and make sure that only his PCs can
> connect to it. A PC is not a television and the internet is
> not Cable TV. If one wants to connect to the internet with
> a reasonable guarantee of security, he/she'd better learn
> what's required. That means becoming somewhat of an IT
> person, even in a limited sense. Read, read, and read some
> more.
>
> Or don't use wireless. Better yet, stay off the internet
> completely if you don't know what you're doing. It is not a
> toy. It's not necessary to be an MCSE or Linux guru, but
> you have to learn something about networking if you're gonna
> set one up.
>

With all this I agree. I don't dispute anyone's points here. I just think it would be very interesting to defend this case--as a lawyer, especially one who's interested in radio communications, it would be an interesting issue of first impresssion and would be a joy to research and argue.

That's as far as I go--I say if you haven't protected your network, tough luck guy.
 
Status
This thread has been closed due to inactivity. You can create a new thread to discuss this topic.
Back
Top Bottom