Forgot your password?
typodupeerror
The Courts Government Privacy Security Wireless Networking News Hardware

Wireless Hijacker Dealt First UK Punishment 663

Posted by timothy
from the surely-not-the-last dept.
paella_dodger writes "The BBC is reporting on a recent UK court case whereby a man was fined £500, sentenced to 12 months' conditional discharge and had his laptop confiscated for browsing the 'net on his neighbour's wireless Internet conenction. Perhaps I should secure my neighbour's wireless connection for him before Windows automagically connects to it and gets me arrested!"
This discussion has been archived. No new comments can be posted.

Wireless Hijacker Dealt First UK Punishment

Comments Filter:
  • In Perspective... (Score:3, Insightful)

    by md81544 (619625) * on Monday August 01, 2005 @05:52AM (#13212409) Homepage
    As has been mentioned on /. on several times before when this particular case came up, this guy didn't accidentally or "automagically" attach to his neighbour's wifi network: he sat outside their house, in his car, and acted very suspiciously when they walked past (e.g. snapping his laptop shut). He'd been doing this over a three month period. To my mind his punishment was more a result of his behaviour than mere connection to some idiot's wide open wireless network.
  • Typical... (Score:3, Insightful)

    by Anonymous Coward on Monday August 01, 2005 @05:58AM (#13212435)
    before Windows automagically connects to it and gets me arrested!


    Sigh. You know you're on Slashdot when anything bad, no matter how remote, gets blamed on Windows and/or Microsoft.
  • by bioteq (809524) <mike@nano[ ].net ['bit' in gap]> on Monday August 01, 2005 @06:02AM (#13212452) Homepage
    Perhaps, but the same logic still applies; this guy was not just stealing it, he was making himself a target to be caught.

    He is obviously not very smart, either, considering he was seen for the past three months in the same locations. That usualy means he was using the same network for the same deeds each time.

    Honestly, I do not blame the UK government for going down on this guy; he deserves it. Especially since he was stupid enough to get caught the way he did. Sure, war driving is one thing, but blatently sitting infront of someone's home, leeching their network is a whole different case.

    Sadly, this is just like what happened to the term "hacker" back in the day - it was idiots, like this guy, that ruined it for the real "hackers" out there; the script kiddies. Now, guys like this, and the other guy that got caught doing it, will give the term "war driving" a bad name. Hell, you mention "war driving" somewhere and people are going to start believing you're a "hacker" who uses "linux" to steal credit cards from them.

    All in all, people should learn to secure their wireless networks. If they are unable to, or know nothing about the processes, they should be wired like the other drones. Or they should simply hire someone to secure it for them -- It's honestly not that difficult these days, especially with a linksys router. You simply type in a few things and click a coulpe check boxes and you're done. But this does prove that the common person, joe sixpack if you will, does not care enough about computer security to do anything until someone takes advantage of them. Then they cry foul.
  • by badfish99 (826052) on Monday August 01, 2005 @06:07AM (#13212467)
    It's not the "dumb user" who left his wireless insecure who is at fault. He has just bought a product, plugged it in and expected it to work. Why not?
  • Re:I, for one, (Score:5, Insightful)

    by malkavian (9512) on Monday August 01, 2005 @06:09AM (#13212476) Homepage
    Hey, you use your car for maybe an hour each way to work. It's being wasted the rest of the day. Fair that I grab it without you knowing in between then?
    Of course not. Anything you decide to do becomes their problem. And, well, it's just rude! If it's one of the low cap broadband connections, perhaps you're going to push them over their limit? Or several people using it will do that?
    Still alright to cost them money?
    All it takes is a nip round to your neighbour's place and say "Look, you've got a wireless point there and broadband.. Mind if I chuck you a bit of cash each month and piggyback on top of the link, 'cos I can't really afford it?". Many would say to just hop on anyway if it's not used, without you paying anything. That's certainly the arrangement I have with my neighbours that can't afford the link (now have 3 people on mine).
    Nothing wrong with sharing a link, it's just good manners to ASK before taking things.
  • Idiot (Score:3, Insightful)

    by 16K Ram Pack (690082) <tim.almond@gm[ ].com ['ail' in gap]> on Monday August 01, 2005 @06:12AM (#13212492) Homepage
    "Some people might argue that taking a joy-ride in someone else's car is not an offence either"

    Wrong. It's more like going up a private road which isn't marked as a private road, and which you have contacted Google to tell them to put it on their maps. Don't want people to go driving up your private road? Put some signs up or a gate.

    It's very simple - put WEP or WPA on. To be honest, if someone goes through your WEP, then that counts as a deliberate break-in in my book. If you don't have it no, don't complain when people go using it.

  • Re:I, for one, (Score:2, Insightful)

    by RicRoc (41406) on Monday August 01, 2005 @06:19AM (#13212515) Homepage
    If you have an agreement with your neighbour allowing you to use their network, then of course you can use it -- otherwise, it's theft, and you can get into trouble if you are caught. Whether or not they are using their network is irrelevant, it's theirs to use or not to use, not yours.

    Theft these days is so easy that it takes real moral strength just to not do it. I understand perfectly why some would choose not to exercise their moral muscles; it's just too hard.
  • Re:Accident? (Score:1, Insightful)

    by Anonymous Coward on Monday August 01, 2005 @06:24AM (#13212532)
    Does it matter? If it behaves like a public hotspot, it is one. The access point owner communicates on public frequencies, I do the same. I have no control over his access point. Whether my network card is allowed to associate with his access point, whether my computer gets an IP address, whether my browser can connect to the internet through his access point, that's all under HIS control, not mine.

    He's not in his home, he's on the public airwaves. There is an established protocol for open access points and his access point behaves exactly according to that protocol. It's his responsibility to clearly state his intentions in the public space if he doesn't want to be misunderstood. You learn how to safely use a car before you use it on public roads. Why do people think it's ok to use the ISM bands without so much as a thought about what it is they're doing?
  • by MadCow42 (243108) on Monday August 01, 2005 @06:31AM (#13212559) Homepage
    >>So if you have your door open in summer, I'm welcome to walk into your house and help myself to some of the cookies that are on the kitchen table?

    Bad analogy - that would involve tresspass; there is a physical boundary of someone else's property that implies private access.

    A better analogy would be if those cookies were floating through the air, coming in MY window and out my door, and I happened to eat a few as they went by.

    Although it may not reflect the law, I personally believe that unsecured wifi should be public domain. WEP (even 1-bit for god's sake, to show that the intention for it to be private) should be enabled by default on routers, and it should be blatantly clear that you're providing public access (with consent) if you turn it off.

    MadCow.
  • by NigelJohnstone (242811) on Monday August 01, 2005 @06:36AM (#13212571)
    "Fortunately, most courts still discriminate between intentionally and accidentally doing something. "

    Except for one thing, you can't know if he neighbours INTENT was to share his open wireless connection for sharing. Thats the whole point of Open WiFi afterall, sharing. By doing this they're making Open WiFi illegal, because not only does your computer have to get permission to connect to the network (via the login) but now extra permission is needed too.

    Let me put it another way. Suppose you have free open municiple wifi and Fred Bloggs open wifi, you computer has no way of telling which is the free Municiple open wifi and which is not so it connects to Fred Blogs's net, attempts to login and is given permission -> crime comitted. You had the intent to connect to an open network, but not the method to determine which network is permitted.

    Or rather you did have the way, the login, but the court ignored that.
  • Re:Accident? (Score:5, Insightful)

    by HiroProtagonist (56728) on Monday August 01, 2005 @06:49AM (#13212608) Homepage
    And why isn't it secured again?

    If a hospital network isn't secured, IMO it is GROSS negligence on the part of the IT staff of the hospital.
  • by balloonhead (589759) <doncuan@y a h o o .com> on Monday August 01, 2005 @06:49AM (#13212609)
    Sending spam is a crime. Using an open relay is not. Spammers using this are committing a crime, but not the one you point out.

    Open networks require a handshake between the router and PC. This is analogous to authorising use.

    One says 'Hi, can I use your network'

    The other says 'Yes'

    The owner of the network authorised this by turning the thing on.

    I don't agree with the top post though - I leave my network open, I don't mind people using it. If they abuse it, they get kicked. I use other people's networks to send and receive email and to do the odd bit of surfing.

    If I commit a crime on their network, then I am a criminal. But using a network which I have been authorised to use to do legal things is very different.
  • by squiggleslash (241428) on Monday August 01, 2005 @07:18AM (#13212694) Homepage Journal
    The wireless network was not "inviting" him to connect. The wireless network is not a sentient entity, still less one with the legal power to do so. At best, it might have been broadcasting a message saying "My owner welcomes complete strangers to this network", but as of yet there is no protocol within 802.11* for doing this.

    Some geeks have attempted to hijack "There's no encryption on this node" or "My SSID is public and is..." to mean this, but given most WAPs are configured by default to have no encryption and to publically broadcast a SSID, and given both can be explained by many other reasons, this is simply legally non-sustainable as an argument.

    Hiding a SSID in some ways is anti-social as it makes it more difficult for your neighbours to find your network if it interferes with their's. The lack of encryption is also a bad choice, I've come across wireless equipment that works "out of the box" but requires connection to a PC to configure any encryption features - adapters to put X-Boxes and PS2s on a wireless network generally work this way. Owners of such devices are very likely to want to use unsecured WAPs.

    The wireless network would have been advertising its presense. This is a useful feature. But it wasn't "inviting anyone" any more than a door knob does.

    Geeks need to get out of the habit of assuming that a default configuration amounts to "permission to use". It doesn't. Only permission to use is permission to use. The only surefire way to know if you have permission or not to use a network is to look for a publically posted notice, or to get written or oral permission from the network's owner. One day, 802.11* might have something added to make it easier to make it possible for a user to unambigiously give other's permission to use their networks (and that would be a useful feature anyway), but until then, look for notices, or talk to the operator. Don't assume.

  • Service theft (Score:2, Insightful)

    by Timberwolf0122 (872207) on Monday August 01, 2005 @07:31AM (#13212735) Journal
    In the words of Kosh truth is a thre edged sword;
    Your side
    there side
    and the truth

    Theft of bandwidth on a home internet conenction beacuse of an un-securt WLAN would be viewed thus.
    Every secong xMbit of unused bandwisth is wasted, I was simply using something that the owner was throwing away. Besides it should of been secured, its' like leaving your shopping on the front garden wall.

    It was my property and as it is part of my network you invaded my privacy, it is like walking into my house and decanting the hot water out of my kettle after I'd just made a cup of tea.

    You ARE stealing and you ARE gaining unlawful access to a private network. If you want to share bandwidth (I do so with my neighbours as they are very light users and I have a loverly fat pipe) then it should be done openly. Although you could argue it is the owners responcibility to secure there own network it is no different to seeing a house with an open window and going in to nick the biscutes.

    So Say'th lord Timebrwolf.
  • by op00to (219949) on Monday August 01, 2005 @07:32AM (#13212739)
    Not.
    The.
    Same.
    Thing.

    Maybe, just MAYBE, if folks in your town payed a flat fee for water, and you walked down the street checking everyone's outdoor water nozzles, and took a drink where they were turned on for use, MAYBE that analogy might relate to the story. But the unlocked door analogy, especially in this situation, is NOT THE FUCKING SAME THING.
  • by shellbeach (610559) on Monday August 01, 2005 @07:56AM (#13212833)
    Hiding a SSID in some ways is anti-social as it makes it more difficult for your neighbours to find your network if it interferes with their's.

    What?!? All it does is remove the SSID information - you can still see that there's a network on a particular channel if you do a scan! You just can't connect to it ...

    If you can't rely on SSID broadcasts, then how can anyone know when a network is public and when it's private? Perhaps, as you say, there needs to be a more unambiguous code for this ...

    Geeks need to get out of the habit of assuming that a default configuration amounts to "permission to use". It doesn't. Only permission to use is permission to use.

    Except that SSID broadcast without encryption has been assumed to be permission to use, by hardware manufacturers and even by certain OS software companies! Perhaps that's unfortunate, and perhaps it shouldn't be like that. I take your point, though, that there's no formal definition that a broadcast SSID equates to an open network, and that it's wrong to assume that that's so.
  • by NigelJohnstone (242811) on Monday August 01, 2005 @08:04AM (#13212865)
    "As has been mentioned elsewhere in this discussion, the guy was aware that he did not have the owner's consent to use the connection."

    Yet his computer asked for concent and was told it was OK.
    Your cell phone for example is a very similar device. You drive around, it gets a good connection to a nearby tower, and you make your call.

    You don't get extra permission to use that tower, you assume because your phone says its ok that its ok.

    You visit a website, its password protected so you don't use it. You visit a website and its not password protected so you do use it.
    Did you get extra permission? Internets also a shared public network, just like WiFi.

  • Re:Knock knock (Score:3, Insightful)

    by DigitumDei (578031) on Monday August 01, 2005 @08:07AM (#13212874) Homepage Journal
    A more accurate representation.

    Man 1: "Knock knock",
    Man 2: Door swings open by itself.
    Man 1: Goes in.
    Man 1 repeats this many times over a 3 month period. ...

    Man 2: Police arrest that man.
    Man 1: But I knocked and the door opened
    Man 2: But that was a misconfiguration, if I wanted you to come in I would have said so myself.

    A wireless router is not a person, and therefor cannot be compared to the person saying come in.
  • Re:Knock knock (Score:3, Insightful)

    by Kjella (173770) on Monday August 01, 2005 @08:13AM (#13212901) Homepage
    Man 1: *turns doorknob*
    Door: *swings open*
    Man 1: *goes in*
    Man 2: Police arrest that man.
    Man 1: But the door opened for me, and thus gave me permission that I could come in
    Man 2: I forgot to lock it, if I wanted you to come in I would have put a "FreeToComeIn" sign on my door.
  • by CaptainFork (865941) on Monday August 01, 2005 @08:41AM (#13213023)
    To address your key points in turn:

    not only is it pretty clear that no one would want strangers in their house - It is clear to me that some people might not want strangers using their modem/router and possibly volume-capped broadband service.

    but that you are also trespassing on someone else's property - Trespass is a good example of a crime that is technically victimless but which most people agree should be in place. It is a precident for a "cyber-tresspass" law that would address this issue and others, like zombie networks.

    The police also consider open doors fair game for entry - I'd be surprised if this is true. I certainly don't want the police entering my house without a warrant!

    Rather like if a webserver is publicly accessible, then anyone can connect to it is a bogus analogy. A website is like a shop or a library. That is what the web was set up for. But that wouldn't ligitamise knowingly accessing a private corporate intranet just because the IT guy accidentally left it open one day any more than it is legitimate to enter a shop that is closed just because the owner forgot to lock up.

    how can you differentiate what access points you are allowed to access? - Questions like this arise with almost every property-related law. You must find out from the owner first either by direct communication or via a notice. If you cannot/will not do that then you will have many problems fitting into society quite apart from internet access.

    businesses especially pollsters and advertisers are allowed to assume that any phone number is fair game to be called unless it is on the federal do not call list - The problem is that many people would like to receive certain unsolicited calls eg from someone who found your lost cat, and you can't announce the fact that you will allow such calls in the case of telephones. But you can indicate that your WiFi is available by various means.

    Another analogy is potentially FM radio - That's not remotely close. FM broadcasting is purely opt-in by both parties. No-one is taking control of anyone else's communication equipment or consuming other people's pay-for services.

    I and most other people don't care if they use some of my lawn as long as it isn't too close to the house - And what if they do get too close to the house? You will ask them to stay clear of the house, then you will ask them to keep off your garden altogether, and finally you will call the police and get them arrested. All the while they may have done no damage at all. My point? No-one should assume they have a monopoly on what is reasonable in the context of sharing.

    I have an [blah blah] for those that do want to use it - I'm glad you're rich enough to be generous to people who own WIFI laptops but won't shell out for a broadband connection of their own.

    If there's one kind of champaigne socialist that really gets my goat, it's people in the top 0.1% of global earnings who can afford to make expensive but insincere and ineffectual gestures of generosity, and then snobbishly expect everyone else to do the same. I hope the neighbours' kids tread the f**k out of your garden, especially in the forbidden part right next to the house.

    Remember, it's easier for a camel to pass through the eye of a needle than for a rich hippie to get over his guilt complex.

  • by Anonymous Coward on Monday August 01, 2005 @09:19AM (#13213229)
    It's more like getting into a car that's not only unlocked and keyed but carries a sign announcing that, with posters all over the area pointing out the state of the car, and a fleet of identical cars next to it so there's enough for everyone. In a world where some people actually offer free car services, and you have no way of telling whether this particular set up is a free car service or not.

    When you pick a flower, it's not there anymore. Use a network, and the owner still has the network.

    Your analogies aren't any good either. It's more like using a private road that isn't marked as private and carries normal looking street signs.
  • IP != Person (Score:3, Insightful)

    by Riskable (19437) <YouKnowWho@YouKnowWhat.com> on Monday August 01, 2005 @09:32AM (#13213322) Homepage Journal
    Repeat after me:

    An IP Address is not an identity
    An IP Address is not an identity
    An IP Address is not an identity!

    If a crime is committed and it is traced back to an IP, that is A START of an investigation and should NEVER be the end of it! Far too often do we instantly assume that just because the crime came from a certain IP address, the person who owns the machine is the person who committed the crime.

    All an IP gives you is the "place" part of the puzzle. Worse than this is the fact that it is virtual and multi-dimensional. The "place" where the crime occurred actually exists in many physical locations at once and can be nearly limitless in scope.

    More important in these types of investigations is the "means" and the "motive". If neither exist for the person behind the IP, it is likely that his machine (or connection) merely acted as a proxy.

    It just seems *WAY* too easy to frame someone for an Internet-related crime. Just find some motive and place "the means" on their machine.

    If I were on a jury for any sort of Internet crime, the amount of evidence against the accused would have to be ENORMOUS for me to even consider a "conclusion beyond a reasonable doubt".
  • by asdfghjklqwertyuiop (649296) on Monday August 01, 2005 @09:52AM (#13213466)

    Of course there is. He did not merely "look" at wireless network. He connected to it and was using it. That's hijacking.

    This is more like getting into an unlocked car and driving it around just because the owner left the keys in the ignition. Hardly fair or legal.

    People leave their cars/houses unlocked. This doesn't mean it's perfectly acceptable to steal/rob them!


    If I see a store with a sign labeled 'open' on the front of it, would you consider me a burglar if I walked into it without asking the shopkeeper first? If there's a bus sitting on the curb and the door is open, am I hijacking the bus if I just walk into it? If there's a house with a sign labeled "garage sale" out front am I tresspassing if I start wandering around the front yard looking at things sitting out?

    The AP this guy connected to had a big giant sign *actively* saying "OPEN" on it. 802.11 provides many ways to make that sign say CLOSED instead. This AP used none of them. The guy's laptop sent a message to the AP saying "hi, is it ok if I connect" and the AP said back "sure, here's an association for you and an IP address you can use.".

  • by irc.goatse.cx troll (593289) on Monday August 01, 2005 @09:54AM (#13213473) Journal

    "This is more like getting into an unlocked car and driving it around just because the owner left the keys in the ignition. Hardly fair or legal."

    It's more like someone listening to their radio really loudly and you listening to it from next to their house. Hardly unfair, and perfectly legal. Don't give IP's or routes to unauthorized clients.

    Then again, I think it should be perfectly legal to do whatever you want with any signal thats being forced onto your land. This goes for any wireless networking, EM radiation, satalites, etc. If you're stuck with the downsides (cancer, signal collision, etc), you should atleast be able to do what you want with it(Like decode directtv's video theyre sending you).

"No problem is so formidable that you can't walk away from it." -- C. Schulz

Working...