Police in the Australian state of Queensland are to go on the hunt for unsecured wireless networks. Claiming that "the crooks are out there driving around trying to identify these [open] networks", Queensland Police Detective Superintendent Brian Hay told local site ITnews that the Boys in Blue will now do the same. Folk found …
I've always maintained
that there is justification to say that using an unsecured WAP is allowed as you've already asked permission. Your laptop has asked permission on your behalf by engaging in the DHCP protocol which effectively requests permission to use network resources and the router responds not only in the affirmative, but with detail required to use that service (IP addresses, gateway and DNS addresses etc).
that the user didn't intend it is by the by. they are responsible for their device.
Note that this doesn't allow someone to guess or break passwords, but if it's unsecured then the DHCP process is effectively a request response system which is being followed. a good lawyer should be able to work with that.
A work colleague use to do the same but when he found a street full of unprotected Wi-Fi he would put flyers through the doors offering services to configure there routers for a nominal fee (and he was the security guy for our office)
To what end?
What crime is being prevented? It's rather annoying that someone would piggy-back uninvited on your connection, but is it even a crime, let alone a threat requiring police time?
The only possibilities I can think of:
- downloading pirated stuff (civil rather than criminal offence?)
- sharing illegal stuff (changes of that seem vanishingly small)
- snooping on broadband owners usage for credit card details etc (a lot of effort for minimal return).
I think the police are wasting their time here.
Or fishing expedition?
WEP'd? WEP is about as secure as a car with the keys in the ignition. One would think that if they're going to be dictating to people about security, they'd at least do enough research to make that "advice" useful.
Forgot the tagline:
surely they shoudl warn all those too, as it doesn;t exactly take a long time to crack if you know what you're doing.
This is no different to the old police practice of trying door handles to make sure they're locked.
Loads of whiney comments along the lines of: "Oh noes WEP as insecurrs anyhows. OzPlod shud be arks for WPA / TKIP / <whatever>, is most silly har har"....
Probably followed by someone blaming Microsoft........
cops breaking the law
By doing this surely the plod are breaking the law themselves, clearly they are attempting to gain access to private networks if they test default passwords.
Out of interest, what is the legal position when your neighbour is broadcasting their unsecurred wireless network onto your property? I mean if their apple tree overhangs my garden and there is an apple on the branch overhanging my lawn I figure that I am entitled to eat that apple..
Also - Somewhat unrelated, but it's Friday so I am having a random muse - Could I get my noisy neighbour to stop playing their horrible music by grassing them up to FACT on the grounds that they are rebroadcasting it without a license?
Well I work for an ISP working with the Police Support reps proving who used what IP address and when. If you jump onto someone elses open wifi router and send death threats then it's the owner who is in trouble when I report it came from their router.
I always point this out but I know it has happened to a drug deal that messages came from an open wifi router so some non-IT savvy family seemed to be a major drug user - whoops !!
When this happens from your open wifi router I'm sure you wiil change your attitude.
Ahem... *cough* *cough*
OK, so they see open or poorly secured APs via a scan. What then? Will they go knocking on a number of doors asking "Sir, ma'am, do you currently possess the insecure AP we're looking for?"
Not sure they've yet realised that an AP's radius can easily encompass multiple housing units or offices. Somehow, I don't think this perhaps well-intentioned action was fully thought through.
Many networks have no encryption for a good public purpose. Proper secure authentication can only be done upstream. I wonder if the cops realise that and don't start a campaign that can damage these services?
...if I choose to leave my router unsecured so that other people can use it?
Checking the password
Presumably the only way they can check for the default password is by using it to log on.
Are they breaking the law by doing that?
And are they *all* going to be able to resist the temptation to have a fishing expedition round the local network's files once they're logged on?
Ahh, the "anti-piracy" lobby...
This is nothing to do with security.
If you have an unsecured wireless network and don't feel like putting money into the hands of the wankers in the MPAA and RIAA, you can just state that someone else must have been using your connection (if you're not a complete moron, IP logs will be all the evidence they have).
If it's got WEP, even though WEP is as secure as a bundle of £20 notes with a "Please nick this" sign in the middle of Chav Central, you lose this defence; you didn't secure it *enough* so they're coming for you anyway.
"Look guys, another 'Belkin54g'..."
Retaining the default SSID does not mean the WEP / WPA key has not been set.
Re: David Haworth
So, by your reasoning, If I leave my car unlocked with the keys in the ignition it isn't theft if someone jumps in and drives off?
It's amazing how dishonest people always manage to justify their actions somehow. Hollywood charge too much/their films are crap/the cd I wanted wasn't available/was drm'd etc etc.
As 1st commenter said, WEP suggests that you don't grant access to anyone who connects. So you should be legally far clearer if you DO get caught doing anything illegal- even if they do have a clever lawyer.
Also, some devices don't support WPA and WPA2. Can't think of any common ones off-hand, but the Police really should be working with the lowest common denominator- and unfortunately that's WEP.
useful for the cops
They can make a list of good hot-spots for downloading pr0n.
(For research purposes, of course)
And of course...
... they're not using the unsecured systems to download lots of porn....
wah wah wah WEP is vulnerable shocker. Film at 11.
think for a second here. who is this aimed at? sure, for you or i, WEP is no real problem to getting in. but for average person in the street, anything that stops their windows machine successfully auto connecting as enough to stop them using it.
and for that WEP is fine.
99.999% of people are not going to bother learning how to crack keys, or spoof MACs. plus the people that do know how to do it will probably have better net hookups anyway.
plus my DS and Amiga Wifi drivers only support WEP
"that there is justification to say that using an unsecured WAP is allowed as you've already asked permission"
Likewise if you did not want me to use your garden hose to fill my swimming pool you would have put a padlock on the tap. If you didn't want me to use your car you would have locked it. If you did not want me to enter your home and help myself to your television you would have made sure the door was shut or the television bolted down.
To say that just because someone did not secure their property it makes it quite legal for you to use them seems quite a bizzare attitude to take. Having said that it seems to me that, unless the police officers in question have such a low crime rate, there must be better things they could be doing.
"I shook hands with the door handle and it responded by opening the door, I was an invited guest your Honour."
Can't see that defence working but I look forward to hearing of the outcome of anyone who has tried it.
I've always maintained:
that there is justification to say that taking a car where the owner leaves the keys is allowed as you've already asked permission...that the user didn't intend it is by the by. they are responsible for their car.
that there is justification to say that entering a home and taking what I like when the owner leaves the door unlocked is allowed as you've already asked permission...that the user didn't intend it is by the by. they are responsible for their home.
And to really blame the victim
that there is justification to say that having sexual intercourse with a woman too drunk to stand-up is allowed as you've already asked permission...that the user didn't intend it is by the by. they are responsible for their drunken state.
Police use WEP
Chronos - LOL - very good comment!
Maybe the crims should use the police WAP if they only have WEP :)
When my mates mum had broadband first installed, they never secured it and the bloke next door used it to download his kid pix
This and all your suggestions are crimes that can be prevented (or at least your alledged involvement with them) by securing your wireless and as lots of people don't know about it.....
Unsecured WiFi presents a big problem to police...
I suspect there's a hidden agenda behind this move, as they are clearly spending time, money and resources on this task, so someone high up has to ok that spending spree. Its very likely unsecured WiFi presents a big problem to police. After all, Terrorists (hiding on every street corner) can tap in and use connections, which the police monitoring ISPs cannot pin onto the downloaders as the downloaders look like the company connected to the ISP, not the wifi user, they cannot directly spy on and catch so easily. (But with a growing list of unsecured WiFi, they can at least pin point locations where crimes maybe commited).
The thing that makes this far more likely is if you replace the word Terrorists, with “Music & Film Downloaders”.
Then add in the occasional political activist who dares to speak out against their growing Nanny State (soon to be hopefully seen by more people as a growing Totalitarian State). Someone speaking out like this would be ever more forced to use wifi as their only safe(ist) way to speak out against their growing total control regime.
How long before we have a major push like this in the UK to silence WiFi avenues of decent. The big corporations, (especially film and music businesses), combining with politicians working together to force their collective will onto us all (for their own gain). They all have a vested interest in silencing freedom of speech and so freedom to share thoughts on the Internet. After all we may not like their growing plans to control the Internet (and micro manage our lives, so they can "monitise" our lives for their own gain) and we may actually start to get angry enough with them all, to start saying that out loud. Enough people standing together can oppose them and they know it. Thought Crimes need to be crushed. Decent needs to be crushed. Groups need to be broken up. We cannot have growing groups of people standing together against the people in power. But social control is hard to sell, so we need to sell control as freedom from fear. Fear the dangers all around. After all we only aim to protect you, honest. You can trust us, after all, you are safe beneath our watchful eyes. Go back to sleep now. Try to think of other things. Here we will help you. Have you heard about that terrible flu epidemic going around.
Its no wonder they hate open WiFi as its gives some small freedom from ever growing control. This isn't just about WiFi its about control (as usual, because control brings personal gain for the people in control, but they have to convince us to let them control us all. What better way, than keep marketing fears to us).
So what...someone else uses my wireless connection...the illegal stuff will be on none of my computers, so there's no evidence that I did anything wrong. And all forms of wireless "security" can be cracked,given enough time. And there's the hassle of allowing friends on the network when they pop over for a LAN or whatever. To heck. Leave it unlocked. Open door policy:)
Don't pull the pin...it'll never go off.
@ Those who say David Haworth is wrong
Your analogies are flawed. Accessing an open wireless connection is NOT the same as going into your house / taking your car / using your garden hose / whatever.
A better analogy is, if you dump your furniture on the sidewalk with a sign saying "Help yourself", then is a person committing a crime if they take it? No. Or another analogy is if you leave your front door open with a sign saying "Open to the public - Come on in!"
Firstly, your wireless connection is broadcasting into public space. If I have to go onto your property to access your connection then you have a case. But if your wireless is broadcasting onto my property (or into public space), then Alpha Tony's apple tree analogy applies. In this case, it relates to the part of my analogy above where you put your furniture on the sidewalk.
Secondly, that your unsecured wireless EXPLICITLY GRANTS PERMISSION when another computer connects to it corresponds to the part of my analogy where you put a sign on the furniture saying "Help yourself".
I've often been using my laptop in the passenger seat of a car or on a bus and it's connected automatically to someone's nearby unsecured network while in range, whether I want it to or not. You can't accuse me of anything if your network openly invites any nearby computer to connect to it - the equivalent of the sign on your door saying "Open to the public".
The bottom line is, if you choose not to secure your wireless connection, there is no crime in someone on public or neighbouring property connecting to it. It's not about "justifying" anything. It's about reminding moralising do-gooders like yourselves that want to criminalise anything not explicitly permitted, that some people do like to share and if you don't then bloody well secure your wireless and deny permission to access it. Take the signs off your doors, idiots!
@ Alpha Tony
"By Alpha Tony Posted Friday 17th July 2009 10:11 GMT
Out of interest, what is the legal position when your neighbour is broadcasting their unsecurred wireless network onto your property? I mean if their apple tree overhangs my garden and there is an apple on the branch overhanging my lawn I figure that I am entitled to eat that apple.."
In the UK at least then you would be wrong, just because something is in/overhanging your property does not make it yours. Look at it another way, if a £50 note was blown from you wallet and landed in someone else's garden you would not think it had suddenly become theirs for the taking, would you?
The same is true of a WiFi signal, there is a protocol for devices handshaking, that does not mean it is either lawful or morally right to use a service that someone else is having to pay for just because they have not secured it.
@I've always maintained
To the people who replied to me, no I am not saying that this is the same as stealing a car with the keys in, or breaking into a house with an unlocked door. I don't think it is equivalent to this at all.
I do think that if you have a password on your wireless then there is very clearly a no entry sign and if you try to break it or guess passwords, then you're clearly in the wrong.
I'm talking about completely unsecured wireless networks, broadcasting an SSID and with no security. if they did not broadcast SSID then you'd have to know what it is to connect, but their router is actively advertising that there is a wireless network there.
a stranger comes along and scans for wireless networks. he might be looking for a BTopenzone or similar. he finds "Bobs wireless". he has no way or knowing whether the owner is ignorant of security conventions, or is deliberately leaving it open for strangers to use. some people do this, there there are even groups of people who do this (fonera for example).
if our stranger clicks on "bobs wireless" then his laptop attempts to connect and requests network access from the router. most routers are perfectly capable of refusing network access, but this one responds with all the data needed to access the internet. that sounds a lot like permission to me. compare "I'd like to use your bathroom" "third door on the right"
I'm not actively trying to "blame the victim" here, but the owner of the router has to take some responsibility for how his possessions act. Bob might not know how to configure a router, but I'm sure he knows how to pay someone else to do it for him.
I don't see this as being the same as "she was asking for it wearing those clothes", or "well, if he just leaves the door open then he shouldn't be surprised if I take something". there is a system here which regulates how one system can request access to network resources from another. the laptop is making that request on behalf of the user and Bob's router has responded on his behalf. if he wants it to respond differently, he should either configure it to do so, or get someone else to do it for him.
does this clarify my position, or does everyone still think I'm a burglar in my spare time? :)
So WEP might be vulnerable, but it's at least like locking the doors to your car. If someone really wants access to the inside they'll find away.
I've seen demonstrations of WPA being cracked too, and MAC addresses can be spoofed, so what do you uber-security gods suggest?
People would be better off if they didn't leave the things on all day every day. I agree that it's no different to the police trying your front door handle.
The testing of default passwords does provide an interesting debate though...
Paris, because I couldn't find a suitable "Face-palm" icon, it's Friday, and let's be honest, you wouldn't say no, would you?
Just out of interest, what would be the legal position if someone you invited into your house (e.g. for a party) started selling drugs? Are you, the house owner, responsible for their illegal activities, or are they?
If it is the former case, then that is the same as someone who owns an unsecured wireless access point being responsible for what users of that access point do.
personally, I believe that it should be the individual users of the access points who are responsible for their own actions (e.g. downloading illegal material), not the access point owner. Thus, there should be no need to secure your access point if you don't want to.
Aww, fer cryin'....
Pissing about using WEP instead of something more robust is like pissing about not having a deadbolt with specific security enhancements over just locking the doorknob.
The point is: Most criminals are looking for the low-hanging fruit. Why bother cracking an encryption or picking a lock when there are so many unencrypted APs and unlocked doors? Can't get in? Well, let's just keep moving. WEP may not be much, but it's enough to keep 95% of the plods from trying you on and moving on to the next network.
Also, this seems to be "bad analogy day" here. There is no explicit dialog between you and your neighbor if you take his garden hose without asking and use it to fill your swimming pool. Nor is there an explicit dialog if you leave your keys in the car's ignition and someone takes it. There is an explicit dialog between your unencrypted AP (a proxy for you, as you set it up, offering open service) and the crook's laptop stealing your services (a proxy for him/her asking for a connection).
Your garden hose is not a proxy for you, nor is your car.
And don't forget
To lock on your chastity belt on your way out the door.
In other Qld Police moments
a Qld Police officer fined a Cab driver $AU100 for wearing short socks (apparently short socks are not neat and tidy).
"It's about reminding moralising do-gooders like yourselves that want to criminalise anything not explicitly permitted"
do-gooders eh? That must mean you are an evil-doer
"I've often been using my laptop in the passenger seat of a car or on a bus and it's connected automatically to someone's nearby unsecured network while in range, whether I want it to or not."
Really? What are you using? My laptop and phone will both show me a list of networks, but I actively need to click it to connect.
@Aww, fer cryin'
"ur garden hose is not a proxy for you, nor is your car."
"There is an explicit dialog between your unencrypted AP (a proxy for you, as you set it up, offering open service) and the crook's laptop stealing your services (a proxy for him/her asking for a connection)."
Tell me how you figure the AP is a proxy, yet the hose and car are not. All are inanimate objects, 2 are machines, one is an automatic one. Next you will be saying catching car/garage lock frequencies are ok, because they are being broadcast.
And what you are implying is that its ok to steal from stupid people because they are stupid. So to extend this further its OK to shag a drunk woman because she is drunk.
Actually, the Apple Tree analogy is correct: in the UK at least, any crop that overhangs your property is yours. Ironically, the wood that it grew on is not: you are allowed to trim back to your boundary, but the trimmings must be offered back to the 'owner'.
Back to the point - what a waste of time, unless of course, the authorities are doing far more monitoring than they are telling us about...
Kind of like putting your TV right up to the window so you can watch it from the garden, having passers-by watch it from the pavement outside your driveway.
Or a hosepipe left running off your property - is it theft to collect the water in a bucket to fill your swimming pool? That's more like it...
Pot meet kettle
They need to start in their own backyard first. Recently I was called for jury service in the District Court in Ipswich (Qld) and took my Eee PC along loaded with an E-book or three. As soon as I started it up it detected an unsecured wi-fi network, the Qld Court network. I did logon and got access to the Intarwebs, just to see if I could. Not much point in going around checking for unsecured citizens' wi-fi when one of their own is wide open!
And yes, my own net IS secured!
Anonymous for obvious reasons.
yet another analogy
Try this one on for size. You have a Porta Potty (portable outhouse/bathroom) on your sidewalk. Do you expect someone walking by, or your neighbors outside not to use it (if they need it) when you leave it with the green sign saying open. Now if you put a lock on that out house people breaking the lock would be breaking in, or if you just tie it closed with a wire, that would be like using the default password for your router. Putting the Porta Potty in your backyard or in the garage would be like not broadcasting your SSID.
Porta Potties are a common convenience when there is no easy way to have a bathroom close by, you can look at WIFI as the same, its a convenience. If they dont want you in, they can disable the broadcast of the SSID, password protect it, among many other things.
I am going to put the default password on my router and any access done by cops will be reported as unauthorized access to a secured network, of course ill put a sign in my window stating the wireless password so that others can see it, In small print it will say that I grant access to everybody except law enforcement personnel.
Theft of Service?
Attorneys I have consulted with maintain that for you to receive the signal, and any data that it contains, is legal. However if you use the connection, you are in fact stealing. What are you stealing? Bandwidth! Back to the hose analogy, you can look at my hose, even look at what's coming out of it, but since I pay for the water I am entitled to the use of ALL of it, so keep your hands off my hose! (Unless you're Paris)
This part of there Surveillance Operation
What I mean is that unsecured routers pose a risk to the governments snooping on it's own subjects. If IP addresses are not shared, they can monitor all Internet connections via the ISP's logs and hold the homeowner to account if anything illegal or politically upsetting is accessed via that IP.
The problem is that if people don't mind others accessing and using their internet connection anonymously and without asking, this scuppers the governments snooping operation. I'm sure that when IPv6 becomes the standard protocol, it will be made illegal worldwide, to share IP addresses, so that every activity can be monitored.
Open on purpose?
Some people may leave their access point open on purpose - sometimes for altruistic reasons but others because they plan to use this information to counter accusations of file sharing.
The same reasoning might be appplied to anyone choosing to allow their connection to appear as a server in the TOR network.
Like a couple of others here, I suspect a darker motive on the part of the police than wanting to protect citizenry from bandwidth theft.
It's a criminal offence to know of a criminal offence to be or to have taken place and not report it to the police, I believe you become an accessory to the crime, or something. However I'm fairly sure that it is also illigal to knowingly allow your property to be used for the consumption of drugs, although that may be to allow your proerty to be used in any crime, I can't remember.
- Review Reg man looks through a Glass, darkly: Google's toy ploy or killer tech specs?
- MEN WANTED to satisfy town full of yearning BRAZILIAN HOTNESS
- +Comment 'Stop dissing Google or quit': OK, I quit, says Code Club co-founder
- Nokia: Read our Maps, Samsung – we're HERE for the Gear
- Apple tried to get a ban on Galaxy, judge said: NO, NO, NO