UK Man Convicted For Wi-Fi Piggybacking

CatrionaMcM tips us to a BBC story reporting that Gregory Straszkiewicz, a UK resident, was fined £500 and sentenced to a conditional discharge for 12 months after being caught using a laptop from a car parked outside somebody else's house. '[H]e was prosecuted under the Communications Act and found guilty of dishonestly obtaining an electronic communications service.' A separate BBC story notes that two other people in England were arrested and cautioned for sharing Wi-Fi uninvited.

Open AP?

[jshriverWVU (810740)]

How does one figure out if the AP is for public use or just someone who forgot to set it up properly?

Re:Open AP?

[dotgain (630123)]

Uhh, the utter lack of advertisement that it's for public use?

Re:Open AP?

[Noah Adler (627206)]

Such as an SSID advertisement?

Re:

[cortana (588495)]

Your car's number plate does not imply that the car is for public use. Broadcasting a signal that declares that a wireless network with a given SSID is available does somewhat.

Re:Open AP?

[jotok (728554)]

This whole line of reasoning has always struck me as a rather disingenuous argument, because proponents of the "Well, the SSID was broadcast and there was no key required, so obviously it's free for anyone to use" theory never offer any criteria for exactly how much the owner of a wireless access point needs to do before random clients can "assume" it's not intended for public use.

There are lots of analogies being thrown around already, I'm sure, so let's just dispense with those for the time being and get down to brass tacks.

My neighbor's access point is a crappy linksys wrouter that he got several years ago. He uses WEP but I can crack that quicker than he can type in the key. Does the fact that he is using a known-to-be-weak encryption scheme mean that I have the right to be on? My other neighbor does not advertise his SSID, but I can get on his AP just the same simply by grabbing enough packets out of the air. Does that mean that I have the right to use the service he's paying for?

Simple deduction tells me that I should not assume that, simply because I can access a resource, the owner does not mind if I access the resource. You cannot validly assume that the average home user of 802.11 technology knows enough to secure it.

Frankly, at this point, I do not care whether or not people want to lay blame for this at the feet of the vendors or of the end users. The simple fact is that unless you have an explicit reason to believe that you are meant to access someone's wireless, you should not; and to access it anyway is unethical.

Re:Open AP?

[ehrichweiss (706417)]

My neighbor's access point is a crappy linksys wrouter that he got several years ago. He uses WEP but I can crack that quicker than he can type in the key. Does the fact that he is using a known-to-be-weak encryption scheme mean that I have the right to be on? My other neighbor does not advertise his SSID, but I can get on his AP just the same simply by grabbing enough packets out of the air. Does that mean that I have the right to use the service he's paying for?

No, as a matter of fact, encryption is THE way to tell if you're allowed to view satellite communications, at least here in the States. If a provider does not encrypt their signal, they have no(as in none, zero, zip, nada, nothing..) legal grounds to say that we can't watch their programming; however the moment they encrypt it, one can become liable for signal "theft" if they decrypt it without permission. The same needs to be applied to the Wifi arena. Laziness on the part of the "system administrator" should under no circumstances be grounds for the little twit to bring you up on criminal or civil charges.

Re:Open AP?

[jotok (728554)]

Oh, sure. I agree with you 100%. But this only means at most that you're free to observe someone's traffic. I do not see anywhere in your argument provisions for communicating back to the AP, negotiating a connection, leasing an IP, and coming to Slashdot.

As has been noted elsewhere, you are assuming "laziness" or incompetence on the part of the "sysadmin" where mere ignorance performs as well. Which explanation do you suppose Occam would select?

Re:Open AP?

[FrankieBaby1986 (1035596)]

As I have said on slashdot before: COMPUTERS ARE NOT APPLIANCES!

Just because I can get in a a car and drive it doesn't mean I should.
If you do not possess the knowledge to properly set up a wireless network, then by no means should you be doing it.
The law should be simple: if you set it up, w/ SSID broadcast turned off, encryption enabled, or both, then you should be allowed to sue for unauthorized access. If neither, then it should be assumed it is a public service

The lack of technical knowledge of the 'victim' DOES NOT MATTER. They failed to follow the directions that came with the router. They failed to learn about the tech they were about to use. They get burnt.

If I install a dishwasher myself, but fail to read the directions, and it floods my house, Is it the water's fault, or mine?

Re:Open AP?

[jotok (728554)]

Please, can we stay away from the analogies? I don't think they're especially productive.

You argued that if I don't know how to control the behavior of the technology I bought, then I'm still at fault for the results. So if someone's client connects to my AP because they don't know how to modify its default behavior, why are they not at fault? I submit that this is a double standard.

Re:no it should not

[tinkerghost (944862)]

An inanimate piece of equipment cannot grant your legal authority to someone

Per your interpretation, you have just engaged in criminal computer tresspass by using the slashdot web site. You requested permission to use the system (through your browser), that permission was granted by the system (through the web server). Since a piece of equipment cannot grant legal authority to someone, you had no authority to use the system.

There is no technical difference between the protocol exchange in the HTTP & the 801 series, both are automated request/response protocols which grant authorization.

Re:Open AP?

[rifter (147452)]

This whole line of reasoning has always struck me as a rather disingenuous argument, because proponents of the "Well, the SSID was broadcast and there was no key required, so obviously it's free for anyone to use" theory never offer any criteria for exactly how much the owner of a wireless access point needs to do before random clients can "assume" it's not intended for public use.

I see your point and I do understand where you are coming from on this, but the problem is a bit sticky.

For instance, where I live, and probably where most people live these days, pretty much every business around from the local hamburger joint to the local bar, etc advertises free wifi. Many if not most of them simply set up an AP with a broadcast SSID and have done. The people who work there may not even know what the SSID is, but they expect you to just search and find it, which you can. In several places there is overlap between these APs from businesses and similarly configured APs from regular folk. Sometimes the SSID is obvious, like $RESTAURANT, but sometimes it's just the default Linksys SSID or whatever. There are services that help these folks set up their networks and require some kind of authentication over ssl to actually get out to the net, etc, or will just set up the system for you in some other way, but those cost money, and, like I said, many small businesses find it simpler to just fire up an AP out of the box and hook it up.

I have also noted that since encryption adds significant overhead to wifi connections, making them in many cases many times slower than without, people will open the network for that reason alone. The 11mbps connections were especially nasty that way.

Then you have your neighbour problem. Sure it's not anything like the situation with getting connected to an open wifi connection run by a business, but even so there are people who deliberately set their wifi networks as open networks that broadcast their SSID specifically because they want people to be able to use them. There are even clubs that work together to convince people to set their networks up this way, and set their own up this way, specifically so people can use them.

Given all that and the permissive nature of these networks, a culture is brewing such that people do not see connecting to open networks as wrong, and often do not care that people connect to theirs. In my experience, this is actually more the rule than the exception, even with non-technical users.

Now we come to your point. For instance the person who just got wifi and has no idea other people can connect to it, etc, who barely struggled through the instructions and has no idea how to monitor the connection. This is the guy I am sure your worry most about. It's not their fault they did not secure their network, per se, and it is not fair in any case for people to just use their stuff because the "door is open" and the "keys are in it" or whatever analogy you like today. But at the same time it's hard to draw the line between legitemately using an open network and using one that was not supposed to be open. Sometimes, in fact, it's the proverbial "clueless user" who ends up on the wrong network thinking he is on his own. It's even weirder when they are both called "Linksys." How is he supposed to know? I actually got onto my girlfriend once for getting on someone else's network, but she not only did not know she'd done that, but did not know at the time how she could have told what network she was on. (She is more expert now).

Usually people that are connecting to other's networks are not doing anything more nefarious than using someone else's bandwidth. I do know some people who deliberately set up open networks had to close them because some one did try to hack the other boxes on their home network. In any case, it is probaly is a good idea not to connect to networks not your own unless you know it is open on purpose. In the case of the neighbour you can generally ask, and I

Re:Open AP?

[JackHoffman (1033824)]

If you wear a sticker that says "Hi, my name is John", then you can't complain if I talk to you and ask you to give me a ride. If you then answer "yes, get in the car", you can't complain if I do get in the car and tell you that I would like to go to the next McDonald's. If you then drive me there, you can't complain that I hitched a ride from you and didn't pay you. An open router is a very friendly piece of hardware. It tells people that it's there, it hands out IP addresses and it routes strangers' packets and all you have to do is ask for the favor.

Re:

[slart42 (694765)]

Uhh, the utter lack of advertisement that it's for public use?

My WAP is open. It is intentionally so. My neighbours or anyone just generally passing by are free to share it. And people frequently do, according to my router's logs. It's not that I'm constantly needing those 6 MBit myself, so why would I mind anyone else using them. I see the fact that the network is unprotected as invitation enough for anyone to join in. I don't see myself posting ad banners around the street saying "Please share my WiFi" (a

Re:Open AP?

[DerekLyons (302214)]

My WAP is open. It is intentionally so. My neighbours or anyone just generally passing by are free to share it. And people frequently do, according to my router's logs. It's not that I'm constantly needing those 6 MBit myself, so why would I mind anyone else using them. I see the fact that the network is unprotected as invitation enough for anyone to join in.

You may see it as so. But the law disagrees. In fact the law (in this instance) is consistent with locks on doors, etc... Absence of a lock is not indicative of permission to enter. This makes sense because, lacking signs, there is no way to tell the difference between a WAP you are encouraged to enter, and one where the owner forgot to lock his door.

This the kind of thing that crashes the legal mind

[Archtech (159117)]

"My WAP is open. It is intentionally so. My neighbours or anyone just generally passing by are free to share it. And people frequently do, according to my router's logs. It's not that I'm constantly needing those 6 MBit myself, so why would I mind anyone else using them".

Wow, what subversive pinko commie ideology is that? Sharing things free of charge with your neighbours, or - still worse - with total strangers? That's the kind of behaviour that troublemaker Jesus Christ was executed for advocating! No wonder the law comes down hard on it. Next thing you'll be suggesting we should start sharing source code with complete strangers, for Pete's sake.

Re:

[mahmud (254877)]

He provides the prosecution with numerous logs showing that he is not the only user of his WAP? Or are we talking about legal system where one does not need to prove suspect to be guilty beyond reasonable doubt in order to convict him?

Re:

[Dragonslicer (991472)]

Or are we talking about legal system where one does not need to prove suspect to be guilty beyond reasonable doubt in order to convict him?

If it's a civil case about copyright infringement, then yes we are.

Re:Open AP?

[servognome (738846)]

Uhh, the utter lack of advertisement that it's for public use?

Linksys = Latin for "Welcome", right?

Re:

[Feanturi (99866)]

But this was a guy in a car parked outside the house. It's not like he was a neighbor that couldn't tell the difference between routers and didn't know any better. He had no other business to be parked there, other than to use wifi that he didn't ask permission to use. It's like he just walked into their yard to use their garden hose to wash his car, as it was there just spread 'invitingly' across the front yard from the morning's watering.

He wasn't waiting for a bus and idly checking to see if he could go

Re:Open AP?

[LiquidCoooled (634315)]

It's no different than seeing an unlocked door. You wouldn't just walk in and look around would you?

That depends, is it a shop?

Re:Open AP?

[drinkypoo (153816)]

Unless you are told/informed/read other wise, a network is NOT public. It's no different than seeing an unlocked door. You wouldn't just walk in and look around would you?

I love this example, because there is a legal difference in many jurisdictions between locked and unlocked doors.

If you defeat a lock and enter a building, that is breaking and entering. But if the door is unlocked the most you can be convicted of (providing you haven't damaged or stolen anything) is trespassing.

The law should really make the same distinction about networks.

Re:

[false_cause (1013577)]

Do you think he would have gotten a 500 pound fine and 12 months probation if he had hacked into a secure network? I think the court probably used it's judgment in assessing the sentence and indeed recognized that the crime was more "trespassing" and less "breaking and entering."

Re:Open AP?

[drinkypoo (153816)]

Do you think he would have gotten a 500 pound fine and 12 months probation if he had hacked into a secure network?

What I think is that 500 pounds and 12 months' probation is fucking ridiculous when you're not even causing any harm.

If he WAS causing actual harm, then I would limit his financial obligation to paying the victim for actual damages.

The fact that he was fined 500 pounds proves that this is about grabbing money from people, not keeping people from using open APs (which is impossible anyway.)

Re:

[Belial6 (794905)]

It's more like walking across someones lawn. I don't know how it works in the UK, but unless you have specifically posted a no trespassing sign or specifically asked them to leave your property, you cannot have someone arrested for trespassing on your front lawn here in the US. It has an implied invitation. Now, if the guy had actually accessed a computer on there internal network, maybe...just maybe, it could be likened to entering an unlocked house.

Re:Open AP?

[hobbesmaster (592205)]

You can only charge someone for trespassing after you tell them to leave... Same should of course apply for wifi.

Re:Open AP?

[JackHoffman (1033824)]

It's no different than seeing an unlocked door.

Yes, it is very much different from seeing an unlocked door. That's why intelligent people don't resort to analogies to discuss simple concepts like communication over radiowaves. The established standard has means of negotiation that allow people to use a shared resource without prior agreements. Using the standard is vital to many interesting and legitimate uses of the shared resource. You're advocating a restriction on useful applications to give technological nitwits the illusion of safety, while in reality their baseless assumption of being protected only causes them to be more vulnerable because they see no need to secure their networks. There is not even one good reason for punishing the use of open access points by anyone.

Backwards....

[tinkerghost (944862)]

Unless you are told/informed/read other wise, a network is NOT public.

Technically, the structure of the internet is built on a 'Default allow' schema. Essentially, if you don't say 'no' then I can. I don't have to get permission to use your web server, your anonymous FTP server, or route over your backbone. If you choose to, you can of course block all of those, but you have to choose to disallow me access.

Add to that the facts that public 'hot spots' are more & more common & XP will sometimes jump from one network to another without asking and you have a recipee for legal chaos when incompetents leave their AP's open.

It's no different than seeing an unlocked door. You wouldn't just walk in and look around would you?

Do it all the time - I don't actually remember the last time a business had someone out front asking me to come in.

Quick Change

[HTH NE1 (675604)]

It's no different than seeing an unlocked door. You wouldn't just walk in and look around would you?

Do it all the time - I don't actually remember the last time a business had someone out front asking me to come in.

You haven't been walking through the right districts.

"Nude women! Nude women! Clowns welcome! Clowns welcome! Nude women! Clowns welcome!"

Re:

[JackHoffman (1033824)]

There is a reasonable threshold for "saying no". If your AP/website is indistinguishable from an access point/website that is meant to be public, then you're not saying no in a reasonable way. That is the only way the internet and public hotspots can work. If your AP uses WEP-40bit encryption, you're not doing what's necessary to protect your data, but you are clearly saying no to users who did not get the key from you. Likewise, even simple HTTP authentication is sufficient for making a resource private.

Good, I hope this continues and moves to the US

[stratjakt (596332)]

Just because you can do it, doesn't mean you have the right to.

Re:Good, I hope this continues and moves to the US

[jackharrer (972403)]

Say it to all kids in UK who vandalize everything around without even a slap in hand.
But for piggybacking wi-fi they charge you £500. Cool. They should also put him in jail, just to show how dangerous for society his actions were.

UK has a lousiest law system in the world, IMHO. I know it well - I live here.

Crime to use open wifi?

[MoHaG (1002926)]

So accepting people's invitation to use their Wifi (by not securing it) is a crime...

It is the same as accusing someone of copyright infringement if they listen to their neighbor's CDs because their sound system is too loud...

PS: I still need to RTFA

Re:Crime to use open wifi?

[purpledinoz (573045)]

Next time you hear your neighbour's music, the moral thing to do is cover your ears so you can't hear music for free.

Re:

[dotgain (630123)]

So accepting people's invitation to use their Wifi (by not securing it) is a crime...

Judge: Oh, I'm sorry, I didn't realise you'd been invited to use that access point. Let's see your invite. Oh, wait - you mean since you weren't explicitly forbidden from using the access point, that's an implicit invitation.

It is the same as accusing someone of copyright infringement if they listen to their neighbor's CDs because their sound system is too loud...

Your analogy is missing a car or two. IOW, it's not a pa

Re:

[pytheron (443963)]

Just as accepting invitations to drive off with my car because I left it unlocked on my drive is a crime.. Just as when someone leaves chips on a card table and doesn't ask someone to keep an eye on them.. well that's an 'invitation' also..

  There is no 'invitation'. When you use someone elses bandwidth, you deprive them of a commodity that they have paid money for. So yes, it ought to be a crime.

Re:Crime to use open wifi?

[drewzhrodague (606182)]

There is no 'invitation'.

Actually, there is. Your access-point broadcasts it's SSID, and an invitation for clients to connect -- about 10 times per second (IIRC). This is part of the specification. Most modern APs will allow you to change some of these parameters, including to prevent SSID broadcasts. Otherwise, most APs do actually invite clients that are within range to connect. Most of them, signal permitting, will do just that.

It's not mystery tech. anymore

[mandelbr0t (1015855)]

The black-hats rely on the fact that no one can see what they are doing to succeed. In many cases, they are still capable of keeping their illegal activities underground. But a guy sitting next to a building with a laptop is kind of obvious. Kudos to the cops for challenging his existence there. I'll even put up with some nosy cops myself to see guys like the one they got go away. Now if only there were an electronic cop that would bring those cowardly, anonymous, SSH phishers and spammers to the surface...

autoconnect

[mastershake_phd (1050150)]

What about when Windows auto-connects to an open AP? Sure you would probably never get arrested for it, but its still technically illegal isnt it?

He asked to use the network

[AciDLnx (541241)]

His computer sent out a DHCP *REQUEST*. His computer said: "Can I have an IP address on this network? Can I have the information I need to get online from this access point?"

To which the access point replied: "Yes, you can have X.X.X.X. You can route your traffic through X.X.X.X."

He *asked* to use the network, and the network said *yes*.

Re:He asked to use the network

[tinkerghost (944862)]

You really don't pay any attention to the details of the protocols do you?

He *tried* the door handle. The door opened. Does this mean he had an automatic right to go inside?

According to the RFC's governing DHCP, yes he does have an automatic right to use the service. Per the standards, it is the responsibility of the server owner to restrict access. The failure of the server owner to lock down the DHCP server no more changes the proper useage of the protocol than a store owner forgetting to lock the door & flip the sign at closing time. The DHCP client asks for & receives permission/configuration details. A customer walks into a business with an open door. Both are default allow scenarios, you don't knock on the door of a business, you try the door & walk in if it's open.

Re:He asked to use the network

[leighklotz (192300)]

> I tried to stand by your window to read my book using your light. The window let me. Does this mean I automatically get the right to use your light?
Is this a trick question? If you're standing in the street, yes.

Open Networks Are Open

[shawn443 (882648)]

First of all, punish people who break into closed networks not open ones. I have accidentally connected to an open network a time or two. Sorry, I meant to connect to the Linksys network, not the Linksys network. Secondly, if DLink and the like would default to a more secure configuration out of the box instead of pandering to the wanabe power users, this problem would be largely eliminated. The computer industry seems to want to make computers so easy anyone can do it. They can't. Take your car to a mechanic, take your clothes to a tailor, take your securely configured router that you can't figure out to me.

Re:

[u19925 (613350)]

Read the article. It was no accidental connection. I am sure, he wouldn't have been arrested and convicted if there was any doubt at all that it was an accidental connection. There are some people who habitually steal network or break into other's system. Some do for fun, most do for some monetary gain and very few do by accident.

NintendoDS

[jshriverWVU (810740)]

How long till some kid with a NintendoDS get's arrested for playing Animal Crossing using an AP the software autodetected?

2005 story

[iangoldby (552781)]

Did anyone notice the date on that first story?

Last Updated: Thursday, 28 July 2005, 08:51 GMT 09:51 UK

That first story (with the £500 fine) was two years ago and concerned someone who hijacked a wireless connection.

The second story (the new one) concerned two people who were cautioned for using people's wi-fi broadband internet connections without permission.

Why does everyone assume the AP was open?

[SmallFurryCreature (593017)]

The article doesn't say it was, in fact it notes the details are extremely sketchy.

Furthermore, if I drop my wallet, does everyone here just assume that I don't want it anymore and you are therefore free to take it?

I had at one time a public access point, it was identified as "Free basic web access, be nice" or something and was run through a linux box wich filtered and limited access quite a bit AND logged everything. I did it mostly out of curiousity. Just what would people access through a connection provided by someone they didn't know?

The answer was suprisingly mundane. Mostly email and light browsing. The location was in Amsterdam in an apartment near the "kalvertoren" a few years ago. For the non-dutch this is in the heart of amsterdam, yes within walking distance of the red-light district. This is holland, everything is in walking distance.

HOWEVER I have also found in more recent years that if you leave an AP open for general use, some people WILL not automatically limit themselves to minimum use. Cue the by now old trick of simply filtering a specific users access to replace all their image requests with tubgirl (if you think goatse is bad, google for it).

Still simply securing your network ain't always enough. At least some wifi security can be easily bypassed. At what point do we say "this is secured enough, you are now commiting a crime".

Personally I think it is bad sign if a bike stolen from an open garden gets a response from the police that you should have a 1 meter high fence, that is locked and the bike should have secured to something. Perhaps some people like to live in a world were everything has to be secured, I prefer to just lock up those that cannot understand the difference between something you own and something someone else owns. Either way, it seems we need an awfull lot of locks in this world.

This guy was behaving rather strangely..

[vorlich (972710)]

The BBC page: http://news.bbc.co.uk/2/hi/uk_news/england/herefor d/worcs/6565079.stm [bbc.co.uk] is quite clear that residents called the police because this man had screened off the windows of his car with cardboard but the light from his laptop was still visible in the early hours of the morning.

Goodness only knows what he could possibly have being doing in there but I guess the local constabulary decided to charge him with a crime that they had evidence of.

So less a story about those brave wardrivers liberating the net from the bourgeoisie and more a story about someone wierdo having a wank.

If that's a slashdot word.

Wi-fi Humping and Sane Laws

[Plutonite (999141)]

Come on, people. There are plans to have free w-lan access across entire states for chrissake..how the hell is some crackhead with a laptop supposed to know the difference between a free "Linksys" and a neighbour's "Linksys" if the two are open for usage? If you want to protect your network then at least show an effort that would require technical skill to overcome. At least then you have a case that a sane court can judge upon, because your effort is then analogous to warning against trespassing.

I can't believe they charged the guy $1000 for something his adapter's Windows client probably did on it's own. Hell, my *Linux* wrapper drivers catch on to the open network with the best signal automatically. I have had to intervene manually several times to stop this piggybacking, or humping as I prefer to call it. And not many people know enough to do this. In particular, you can't expect people to click cancel on an OS that requires a confirmation every time you want to scratch your balls. Wake up, Britain.

Re:

[Elentari (1037226)]

Well, I am, and I don't post the comment you just made on every story that concerns US law.

There are other countries besides yours.

Re:

[Fallingcow (213461)]

You have set up a device that broadcasts its existence and nature in the clear, and that is automatically granting access to its resources to anyone who asks.

If someone sets up a stand with some brochures and a sign that says, "take one," am I stealing if I take one without first asking whoever put it up? Is it my fault if they just wanted something to put their brochures in, and didn't bother to look at what it said, and then ALSO decided to put it in a public place?