Indian police raided the Mumbai home of an American expatriate after someone used his open wireless network to send an email that took responsibility for a bomb blast that killed at least 42 people. Kenneth Haywood, whose internet-protocol address was included on an email sent just prior to the blasts, spent much of Thursday …
Sounds like CIA Black Ops flase flag atttack.
Re: False Flag
"Sounds like CIA Black Ops flase flag atttack."
No it doesn't. False flag operations are designed to implicate a group you don't like, not some random ex-citizens.
I did read
about this yesterday, and saw the comment that the 'technician' had insisted the password not be changed.
Sounds like those help desks that recommend turning off firewalls, but neglect to tell your average user to turn them back on.
Bombay bomb blast...
would have been a more appropriate headline for El Reg, most readers hear would be old enough to be familiar with th old colonial name.
What was that guys name again?
Whats the Frequency Kenneth?
funny how american cops seem to have power all over the world. call me crazy, but last time it was close to that bad was the romans. the (bush supported) nazis tried as we..
he should be arrested
What should the police do, take his word for it? If the message came from his location, he can expect to be arrested, held, and questioned.
Let's say I put a telephone by the street at the edge of my property and let anyone use it. Then you walk up and make a call threatening the president / queen, say that allah wears short pants, or disgrace the founder of Turkey.
I would expect the police at my door. I would expect to be arrested. I would expect to be cleared, but I would expect to be arrested.
Bet he never has an open wi-fi network again...
Whilst I agree that this is a sensible step in the investigation (since as things stand they have evidence that his network was used, and just his word that he didn't do it), I think you're being far too optimistic in thinking that anything will change.
The sort of person that leaves their network open these days, is likely to have the 'it's happened to me once, so it won't happen again' misunderstanding of statistics...
However, whilst I agree with Darwinism in the main, people like this should be helped (a reasonable amount) rather than just lambasted - tempting as it is.
Bad security in Mumbai
I lived in Bombay/Mumbai for a year. Whole blocks have the same IP address because they are fed off the same router. Security is so atrocious that I could change a single digit of my ip configuration to leech off someone else's connection. No usernames or passwords required.
WTF does that mean?
"The email address that sent the message was created 10 minutes before it was sent."
If India can insist on...
"Bombay would have been a more appropriate headline for El Reg, most readers hear would be old enough to be familiar with th old colonial name."
...other countries changing the way they refer to their cities, why can't we insist that the French call London by its proper name?
Mine's the one with the 'Flags of all Nations' streamer coming out of the sleeves....
air - really?
"We've often argued that Wi-Fi bandwidth is like air, and the oft-repeated warnings about people leaching off unsecured networks was so much hysteria"
Frankly a strange argument. Unless you're completely isolating the wireless side, then you're effectively removing a layer of security. OK, it's not an infallable one, but why on earth would you want to remove part of your network protection? It's like @Simpson says, but closer to the mark would be putting an ethernet cable outside your front door. Why??
Talking of lack of security did you know........
(and I publish this in the hope that BT will actually change their practices !!!!!) that the standard User Name and Password for BT Internet connections is
firstname.lastname@example.org and password is "password" or "password1" . Does that sound secure ?. Also the BT Router user name and passwords that the Indian help desk give out TO EVERYONE are equally useless, like "admin" and "password" .
Is it any wonder the net is not secure with BT making up security ?.
Re: Bet he never has an open wi-fi network again...
Because secure wireless really are unhackable?
Sure, in this case the people who did send it probably just wandered around til they found somewhere suitable. But there's nothing to stop them cracking an inadequately secured neywork, and then you're going to have to spend some time explaining yourself to the police and judiciary, trying to convince them that evil hackers did it. And we can all guess how tech-savvy they're likely to be.
RE: WTF does that mean?
It means that ten minutes before the email was sent, the email account that sent it was created.
Paris, coz she'd have known.
Hear, hear. And while we're at it, we can insist that the Brits call Derry by it's proper name too.
I just re-read the article twice and I still don't see any reference to American cops. Is this one of those conspiracy theories about how all of the anti-terrorism organizations in the world, including the Maharashtra Anti-Terrorism Squad are really just puppets of the CIA?
Hm.. so this is why you should secure your wireless networks!
However, WPA might not be the full solution, so I'd add MAC filtering, and walling off the AP into a "public" area, and requiring logging on to a VPN for actual internet access. Only then you will get real security...
@DeFex & @Dom
DeFex - it clearly states that the police were Indian in the article.
Dom - it means that the email address that the email was sent from was only created 10 minutes before the email was sent. Do you by any chance go to school on a bus that isn't quite as long as a normal bus?
The city's true name is Bombay (having a Portugese origin). It was changed to Mumbai for patriotic reasons during the nationalist fervor of the 90s. They based the renaming on the goddess Mumba who was worshipped by local Marathis. It's not the only Indian city to have been renamed for that reason.
>Because secure wireless really are unhackable?
>Sure, in this case the people who did send it probably just wandered around til >they found somewhere suitable. But there's nothing to stop them cracking an >inadequately secured neywork, and then you're going to have to spend some >time explaining yourself to the police and judiciary, trying to convince them that >evil hackers did it. And we can all guess how tech-savvy they're likely to be.
I never wear seatbelts - sure they'll protect me from a lot of crashes but there's nothing to stop a heavy enough vehicle simply crushing my car.
There seems to be a viewpoint in computing that goes "A is not perfect thefore A is useless. There is no alternative to A, so use nothing". Sure home wireless can be cracked, but securing it properly will drastically cut down on your exposure.
RE: Talking of lack of security did you know........
Er, if I remember my BT dsl days, those are the connection passwords for the line. They're only valid on that line though - most providers don't even bother using a password now, so I think you can forgive BT that one.
Fair enough for router passwords though. But again, if you will leave the network open...
@Aron - bombay / mumbai?
Um, no. Bombay is what the "settlers" (first the Portuguese, then the British) changed it TO. Similar changes in India:
Pune became Poona (it always was Pune, or rather "Punyanagari", i.e. the town of good deeds). Kolkata became Calcutta. Thiruvananthapuram became Trivendrum. Chennai became Madras (no clue why Chennai was so difficult, but then I'm Indian so I wouldn't ;)
If you were in my shoes...
The reality is it is pretty easy to sit back and make Darwinian comments, and mock the tragedy that took some 60 lives. It is quite another to have your name, and that of your family drug through the mud by people who have never met you.
I am responsible for hiring IT guys, however my expertise is in other areas. I did not use our guys to set up my home network when I arrived here, however I can tell you it is certainly secure now.
Another point is none of my computers were seized, rather we volunteered to let them be checked in case they might find any evidence on them.
For a person like you who questions one's intelligence based solely on the reports in the media it is probably a good thing for you, you had a person like me with a management background that took a chance on your IT skills and hired you.
I am quite happy to have a discussion on the issues with you, but let's not equate our chosen professions with intelligence shall we?
Just because you know computers does not make you the king of all knowledge.
I would never run an unsecured wifi router, or recommend one to anybody asking. Granted, it's possible to hack into one, but that's not the point. In principle, at least, a wifi spot is just as much an attractive nuisance as a swimming pool. In California, at least, you must have a fence at least six feet high around your pool, with a locked gate to keep kids from slipping in and (possibly) drowning. Yes, they can still get in if they want to badly enough, but if you have the fence and the locked gate you've made a "good faith" effort to keep them out and your liability is much lower. I think that in the long run, securing your wifi will be the same: a good faith effort to prevent random, drive-by thefts of service.
At this point, the owner of that router has no way of proving that the email wasn't sent with his knowledge and consent; if the sender had had to hack his way in, it would have created a reasonable presumption that the sender was "trespassing," and that might have helped clear the homeowner's name.
The pool analogy does not work: kids fall in pools and drown.
Having an open Wifi is more like having a shady tree. People might stop and stand in it shade on a hot summer day and might take a drink from your unlocked tap.
Should someone rip a branch off that tree and hit someone, or draw a bucket of water from your tap and splash someone, should you be held responsible for providing weapons?
Now you're saying that the cops will say: "Someone took a branch from your tree and hit someone. It must have been you."
Where's the proof of guilt? Tracing IP addresses just is not enough.
proving you didn't do it
Re: At this point, the owner of that router has no way of proving that the email wasn't sent with his knowledge and consent;
The owner of the wifi connection can not prove he did not send the email, and that's often the case: you can't prove you did not do something, but you often can prove that you did. So the onus is on the Police to prove he did, otherwise he must freed. That's the way it works in a 'normal' democratic society.
"Because secure wireless really are unhackable?"
That's essentially the same argument as saying that you would leave your car unlocked with the keys in the ignition, just because if somebody really wanted to steal your car then they could anyway.
Unless the people who did it had a particular grudge against the bloke, they more than likely just searched for an unsecured network. Sure, they may have been able to hack it anyway, but why would they bother?
Put it like this. If you were a car thief and stood looking at a car park full of identical cars (let us assume that for the purpose the bombers needed it, one wireless network is just as good as the next) - say there's 100 cars and you know that a few of them will have the keys left in (unsecured network). Would you break into one of those that are still alarmed/immobilised, or search around until you find one of those completely unprotected ones?
Just like any other form of theft, it's all about minimising your exposure. And of course, if you do leave your keys in the ignition, wave your wallet/phone/ipod around and leave them on tables, leave a laptop on your back seat etc. - you just serve to increase the chances of having something stolen.
You seem to confuse hiring people with being their superior. It's a mistake to assume you are in charge of skilled workers just because you hire them on behalf of others with money. You're just a jumped up clerk so don't get ideas above your station.
Just in case anyone is thinking of doing this ...
Don't forget that a typical wireless router will remember the MAC address of any computer that connects to it. Use a card that lets you change the MAC address and change it to something random just before sending your anonymous message, then change it back afterwards. If you can't manage that, buy a new machine with cash somewhere where there is no video surveillance, wear gloves while handling it, use it only for sending your anonymous message, then get rid of it immediately afterwards.
This has been a public service announcement.
>It is quite another to have your name, and that of your family drug through the mud
You want to be careful with drugs in India, the sentences are very severe.
I also doubt that hiding them in the mud is a good idea there's all the cow dung everywhere.
>a typical wireless router will remember the MAC address
Almost all wireless cards hold the MAC in flash and you can change it to whatever you want.
This war driving stuff annoys the hell out of me, I can't get my own bloody wifi to connect in the next room, let alone from the back of a car roaming around. :-(
"It's a mistake to assume you are in charge of skilled workers just because you hire them on behalf of others with money. "
Jeez - are you for real? What, exactly, do you think is the purpose of your job? Apparently, to be a willy-whanging exercise for your ego of how technically proficient you are at some micro-speciality.
The ONLY purpose of your job, is to make money for your company. Your boss (!) is simply in a better position than you to assess how to do that. He / she isn't a power-crazed loon. If you don't agree, go set up in business, and trial out your business judgement against other businesses.
Alternatively, if you prefer the hippy trail (and actually there is nothing wrong with that), tune in & drop out, and make dream-catcher ear-rings. You won't make much money, but maybe you will be happier.
I'd also point you to the above comment from Ken Haywood, the bit about "taking a chance". If you ever get to be on that side of the hiring table (and I sincerely hope not), you will realise just how difficult the decision to "take that chance" actually is, and how short an hour is.
There's no historical mention of a city or kingdom called Mumbai before the Portugese named the place Bombay. It was a jungle island with small villages before Europeans developed it. It's still mostly jungle to date.
It all kinda depends on what's on his router. If it has logs, and they haven't been altered/cleared in a long time... it could show that bob with MAC address 01:23:45:67:89:ab (not owner's typical MAC) visited 2 days before the incident, then 10 min before the incident. Maybe then they can show it on neighbor's AP's. (war-driving) They could say it's more possible that a war driver sent that email. If they look, and the logs haven't been alted/cleared and only 1 machine has ever leased an IP, then they should focus on that dudes' pc. Need more evidence.
Just because you have an open AP doesn't give you automatic "it must have been my neighbors kids" license to hack all day.
Pay no attention to the short-attention-span nimrods on here, Ken. We hope you quickly become a "person of non-interest" in this investigation. Hopefully, you'll be able to write a (brief) account of how an average wireless user ended up on the receiving end of some pretty unnerving procedures, so as to enlighten some of the poor folks who have yet to understand how dangerous an unsecured AP can be. Best of luck, to you.
And for those of you unwilling to wait for Mr. Haywood's tale, check out the consequences of not securing your home routers/APs in some lurid tales found in the "Stealing the Network" series of books. Guaranteed to inform and scare the bejeezus out of anyone who hasn't learned how to secure their network access.
Obviously you're american and clearly you've never been on either side of the table. You make too many presumptions and ridiculous remarks. Had you any real skills you'd know servility is not required. Professionals are however required to communicate not just laugh at the bosses jokes and tug the forelock, that's what has happened in MS and it's why Vista is such a POS.
Wishing you good luck in your future career in trolly recovery.
Please do not feed the troll....
Presumptions? "Obviously you're american, and clearly have never been on either side of the table"
English, currently hiring, have found two decent engineers so far, looking for two more. Require good wireless 3G/4G Layer 1 algorithms experience, and a brain. Know any?