Man Charged With Stealing Wi-Fi Signal

[gpflepsen]

Don, I am assuming the WiFi user was engaged in a two way exchange with the homeowner's open network. If someone is broadcasting a signal I have no problem with anyone looking at it. Just like I don't have a problem with someone running around naked. It may not be the smartest thing to do, but whatever flips your boat.

If a person parks next to an unsecure WiFi and begins to transmit to that network, they are going from an observer to a participant. They are not authorized to do that.

If one goes from watching a pretty girl flirt with a short skirt, to throwing her on a pinball machine to have their way with her, well they're crossing that line too.

The rape is a ridiculous comparison yet it does illustrate the change from being passive to doing something active which is wrong.

This says nothing of the legality of eavesdropping on the network. I would think an invasion of privacy case could be made similar to the use of a scanner to monitor neighbor's cordless telephone calls. They are all an invasion of privacy.

 

[cdru]

around here wal mart sells these blitz wireless adaptors... they all start with the same 3 "Numbers" (for those unaware these numbers are in HEX) so if you can scan te last 3 numbers and grab a connection.. it takes maybe 30 seconds.

The MAC is made up of 6 octets. The first 3 octets, or 6 "digits" are the manufacture ID. All MACs from the is manufacturer will have this ID (or one of the other IDs assigned from the same manufacturer). The last 6 digits or 3 octets are the serial number. This is suppose to uniquely identify that particular card. No two cards are suppose to have the same serial number, so the MAC address also is suppose to be unique. The problem is that many cards some with the ability to "impersonate" another address. So MAC based authentication is pointless. It's trivial to sniff a MAC address from the air. Just changing your address to the one you sniff will gain you access.

 

[cdru]

128-bit encryption also requires a key. The person who would want to connect to it would need this key. Every packet sent and received would have this key attached to it's header.

WEP (Scott incorrectly called it WAP) is very easy to break if you know what you are doing. At a security conference in LA earlier this year, FBI, using common software and hardware, cracked a more or less randomly generated 128 bit key in under 3 minutes. You can read about it here. WPA, which significantly better, also isn't perfect.

 

[Ilya]

I think gpflepsen has a point here.
There is a big difference between passively looking at an unscrambled signal that goes your way and actively using someone's private network via a two-way communication. Let's not mix these two scenarios together.

 

[Pepper]

It may not be "illegal" to give your signal away to the neighbors but if they use it to access the Internet then you are probably in violation of the agreement with your ISP that prohibits resale or distribution. They want that neighbor to pay them, not get service for free.

 

[TheForce]

Who is it here that wants to protect one's right to not be responsible for one's own security? The only laws on the books have to do with cracking a secure network, not engaging in use of an open airwave whether that use is connection to the WWW or simply seeing what's there. The only line here is if the hacker did indeed break a secure network or use a wide open broadcast. If some of you have morality issues I have no problem with that as that's your religion so to speak.
Also, just because there is no lock that can't be cracked given the right resources doesn't mean that a 128 bit WEP is not considered secure by today's standards. I did say one is responsible for taking reasonably and prudent measures to protect ones wifi. If you don't then that is stupid and you deserve to lose your bandwidth which I suppose is all we can assume was lost by an idiot who broadcast it freely to take. I consider WEP reasonable and prudent until such time as the hack to bust it is widespread and in use by most users, similar to DVD copy software today. However we all recognize that use of that for illegal distribution is still a crime. Sorry if that is considered a different topic. There really is no comparison that can't be argued or rebutted on this. The case stands on it's own. People are warned to use security with their data. It's a no brainer. If you broadcast your wifi with abandon, you are giving it away. It is as simple as that. If you took measures to protect that wifi from unauthorized use then the hacker needs to face his punishment. IMO, this case hinges around that and nothing else.

Also, I apologize to all for my passion on this but as one who has taken responsibility for my own actions, good and bad, I get rather irritated at those who think they need to blame others for their own stupidity. I get even more irritated by those who feel it is their purpose to protect those who are stupid by fixing blame on others.

 

[Ilya]

It is stupid to leave your house unlocked. It is stupid to leave the keys in your car.
Still, it doesn't make it ok for someone to walk around your house just because it was unlocked. It's not ok for someone to take your car for a ride either, even if the only damage was some wasted gas ("bandwidth").

Just my opinion. Sorry, if it irritates you, Don

 

[Mark_AR]

It is a double edged sword.

The offender was wrong for accessing the Wi-Fi network without permission in a vehicle.(war-driving) The person couldn't have been parked *just* to check his email.

It would be interesting to see *WHY* he was using the open network in the first place.

It may be different if it was in an apartment building or neighbor to neighbor acccess like some others above had indicated.

Some airports & truckstops offer free wi-fi access. Some charge per hour/day.

Still, it falls upon the signal owner to have WEP encryption turned on.

You can see in most your router settings ANY computer hooked into your connection. Regardless of spoofing a MAC address or not. If you have 3 connections and only 2 computers, there is someone on the network that doesn't belong.

Change your password weekly if you are in town. Don't use common words. A combination of letters and numbers will slow unauthorized users down unless they are *motivated* to break into your netowrk.

 

[damaged]

One of the clients I work for, is next to a suite of offices, we had one laptop on wireless, nothing else, one day I noticed (boss complained his laptop kept loosing internet suddenly till reboot), so I did a little looking and noted a nearby unsecured wireless network that was causing the laptop to use it, obviously I made it so it would no longer try and automatically connect to that persons WAP, I figured out what office it came from (the name on the SID was the initials of his law office), and it was a lawyer, so I went in and asked him if he had a WAP, he said yes, and I offered to secure the WAP for FREE, to prevent spammers from using it or what have you, he refused, said he didn't care..putz, anyways, my point is that in my situation, if I (or someone) had not explicitly forced windows to NOT connect, I(they) could have been charged too, and it would not have been on purpose, and if I was not there, my boss would have never figured out how to disable that 'feature'. Just a thought. If the wireless connection had been password protected and all that, THAT I can see being considered theft.

 

[Foxbat]

Here's an interesting tidbit from the Internet Storm Center's Handlers' Diaries: http://isc.sans.org/diary.php?date=2005-06-26 and scroll down to the entry from Cédric Blancher. He talks about something called "WiFiTap", which makes one want to shut down their 802.11? connection immediately.

 

[damaged]

Yes, I read that (I'm a member of SANS). Yet another reason I'm glad we no longer have the WAP.