Wireless Hijacker Dealt First UK Punishment

paella_dodger writes "The BBC is reporting on a recent UK court case whereby a man was fined £500, sentenced to 12 months' conditional discharge and had his laptop confiscated for browsing the 'net on his neighbour's wireless Internet conenction. Perhaps I should secure my neighbour's wireless connection for him before Windows automagically connects to it and gets me arrested!"

Re:In Perspective...

[Breakfast Pants]

Wrong guy, different case, and hell, different country even.

Justice

[RAMMS+EIN]

``before Windows automagically connects to it and gets me arrested''

Fortunately, most courts still discriminate between intentionally and accidentally doing something. If you're connecting to someone else's wireless network from your car (which, I assume, means that you don't have any wireless network facilities of your own around), it's pretty hard to maintain that you did it by accident.

On the other hand, if my mom is found to use the neighbor's network to access the Internet, it will be pretty hard to maintain that she was doing so on purpose. All she knows is that computers can be used as glorified typewriters. GUIs are not for her, much less wireless network configurations.

Accident?

[malkavian]

Not really. Despite the BBC hedging it's bets, and putting the conspiracy angle on it a touch, The Register [theregister.co.uk] has a clearer account of what happened.
Basically the bloke was engaged in Wardriving, and deliberately hooked into the wireless network.
It'll certainly be murky waters when windows automatically selects the average joe's router instead of their own, but with many routers at least asking people to put better security on wireless points, this should start becoming less frequent.
From all accounts, he was caught tapping away on his laptop, moved away when police watched, then came right back to the same point again. At which point he was investigated as he looked a little 'suspicious'.
Wardrivers remember! Just because you're invisible in the network, it doesn't make you invisible to the local copper walking on the street, or the local neighbourhood watch!

How many people secure their networks anyway?

[Dynamoo]

How many people secure their wireless networks anyway? Well, from my own personal experience.. not a lot.

While I'm at home, I can see just one wireless network.. mine. But step outside and I can see eight other ones, only one of which is secured. About half are set to the default network name (so I guess default IP addresses and passwords), all of them except mine use the same channel. And some of them stupidly have the owner's names for the network (stupid.. because a burglar could use that to find out who had kit worth nicking).

So are these people being stupid or what? Errr well.. no, they're just being normal people who expect the kit to work out of the box. But really, who many non-geeks understand WEP, SSIDs, MAC addresses and all the other jargon?

The probably is made worse by "leakage". If you are inside then you'll rarely pick up someone else's wireless connection.. but these things leak out all over the place when you go outside. The perception of the typical user then is that if they can't see someone else's network from inside, then nobody else can see theirs. Alas, this isn't the case.

I think the bottom line is that WiFi is incredibly dangerous if you don't know what you are doing. Most products do work straight out of the box, but crucially they are not secure out of the box. Even Microsoft eventually learned that lesson with its operating systems - early versions of XP didn't even have the firewall enabled and were wide open to attack.

In this particular case the issue of intent is important. Given the proliferation of insecure networks, it must be trivially easy to accidentally connect to some else's wireless point. How you can prove intent is more difficult though.

Re:Accident?

[malkavian]

Actually, considering I work in an NHS hospital, there are very good reason why you don't use their open wireless, and you tell 'em FAST it's there.
Patient records. If you're a nice guy, you won't go looking around. Not everyone is that nice. Ever thought what happens when you delete someone's allergy records when they head to surgery?
We have wireless points here, and regularly go sniffing for open access points run by departments. When we find them, we chastise the owners, and then secure the points.
Or, perhaps, you're happy sharing your medical history with the world. If so, that's fine. Not everybody is.
Incidentally, I'm very suspicious of your claim to read /. from the internal network via an open wireless access point. Simply because the proxies need authentication (it's part of NHSNet's rules). If you don't have the domain account configured for internet access.. Then you're internal only. And you really shouldn't be there.

Re:Unsecure network ?

[twoshortplanks]

Er, yes. Under UK law at least. It's not trespass unless they refuse to leave once you've told them to or they've ignored the sign that says "keep out".

Re:Intentional doesn't mean criminal

[NigelJohnstone]

"The name should tell you if it's a known company or called 'FREEANDUSEME'. "

Except there's no convention for matching an SSID to a usage condition. So 'FreeOnMondayNights' might mean the guy wants a date on mondays or his computer is free on mondays or his wifi is free.....

You can't know from the SSID what the conditions of usage for that network are.

Take another example, you try to connect to "MiksNetwork" and it connects, but you are not sure if Mik really wanted it that way. How the fuck are you supposed to know who Mik is, how you get permission from him, or who has authority to give you permission. His network says it OK, yet you're supposed to assume it still isn't?

Re:Did you read this bit....

[csrster]

You might be thinking about the Cambridge Two [cambridgetwo.com].

IT WILL NOT!

[bradleyland]

"Any Windows machine with a wireless card will automatically connect to any unsecured wireless access point. Period. Allow me to repeat this. Any Windows machine with a wireless card will automatically connect to any unsecured wireless access point." I'm so sick to death of hearing this. Windows will NOT connect to an unsecured wireless network automatically with the SP2 wireless tools. The connection will show up in your list, but you have to click the connect button before it will actually connect you. Once you've connected, the network shows up in your profile, and the OS will continue to use the network until you delete it. The fact is you must actively select the unsecured wireless network in order to use it.

Re:IT WILL NOT!

[Creedo]

I think it depends on the level of service pack you have. My laptop auto-connected until SP2. Now, it behaves as you say.