A man recently found a swarm of armed federal agents descending on his Buffalo, New York, home after a neighbor accessed his open Wi-Fi network and used it to download child pornography. The account, included in a recently published article from the Associated Press, is one of several demonstrating the unintended consequences …
On the other hand...
...perhaps the best defence is to create reasonable doubt by leaving your network open. After all, if your WPA2 password gets cracked with aircrack+cuda by the neighbourhood bogeyman, even the aforementioned "security" pundits aren't going to believe that you're not guilty of downloading all that kiddy pr0n.
Where I live there are no less than 11 Wireless networks broadcasting SSID in range of my laptop. One of the reasons I use cable for my desktop.
I have disabled SSID broadcast, enabled WPA2 with a quite nasty key, restricted MAC addresses, turned off DHCP and basically ticked every setting I can to make it difficult. I know not a single one of these precautions is 100% reliable but as they say - "you don't need to outrun the bear, just your friend". With 11 networks broadcasting SSID in the same area I figure the hacker will take the easy option over my wireless.
If you had at least tried to secure your WLAN you could say that you had acted with due diligence, and that what happened was in no way your fault.
But, as things were the cops should have noticed that that connection was public, and were negligent in not checking this. If the connection had been encrypted, the cops would have an excuse for not checking this aspect.
Though, on balance I think I'd prefer to take the preventive measure.
Re: WPA2 CUDA
It's the same old problem. 128/256 bit security and a 64 bit password (16 chars with half byte ASCII).
WPA2 is incredibly safe even against your CUDA just so long as you choose a password that makes people cry if you ask them to read it to you. :P
Most passwords are pretty shit if analysed to a bit depth level.
You could churn out a billion brute force guesses a second and still not scratch a proper 256bit password.
256 Bit = 2 to the 256 = 1.15 X 10 to the power of 77.
That's 77 mofo zeros at the end. I struggle to understand such a large number. A billion is a paltry 9 zeros. It's literally a minute rounding error in comparison. The sun would have consumed all it's hydrogen and consumed the earth in a fiery hell before your password was compromised.
Just a reminder people.
P.S. DES was going to be 128-bit until the NSA asked IBM to make it less good (yes, way back in the 70s).
...no. An open network is unlikely to give reasonable doubt.
The forensics teams will just grab all your kit, image any media and then tear them apart. Not even things like "Truecypt" with their "plausible deniability" (which doesn't really work, BTW) can help. Even if that does prove to be uncrackable (which is *highly* unlikely) then there's all those lovely registry entries, temporary and log files to sift through.
Oh, and if you are in the UK, you *must* hand over your keys/passcodes when asked.
Moral of the story: if you are into kiddy porn, they will find you. It's just a shame the punishments are not more severe. Well, they might be if the other inmates find out you are a nonce.
Second moral: The above will probably change in a few years when forensics goes private in the UK. All you have to do is make is too hard to be "economic" for the forensics teams and their managers will tell them to stop. That's right, the boss's bonus is more important that justice. Don't you just love privatisation?
Ah, so you MUST be guilty!
No reason to look for anyone else who might have used your wifi, as you've assured us that it's absolutely impregnable. Lock him up!
Seriously, though, this is a situation where "pretty good" security might very well be more dangerous than none. If you're not using WPA2 and "a password that makes people cry if you ask them to read it to you", you're probably at less risk (from this threat) if you just leave your wifi open.
You're missing the point.
This isn't about trying to hide your kiddy pr0n, it's about trying to avoid getting busted and having your life permanently ruined for something you didn't do. My point is that if you don't have the ability and inclination to secure your wifi extremely well, it might be safer to create plausible deniability.
"It seems just as easy to draw the conclusion...
"...that mere use of an IP address shouldn't be grounds for armed police to raid a person's home."
Yes, but that would involve the use of a bit of sense!
I have no doubt that the Police took great delight in informing neighbours of the reasons for the raid and the arrest to the extent that many will think "well, there's no smoke without fire" and consider that they should tell their kids to stay away from him "just to be on the safe side"...
Actually... OUR "local police"...
Our cops, actually call the press, and local news-crews, BEFORE they make a "child-porn" arrest, so the media can record the entire "bust/raid". And, then the cops do a "perp walk" (marching the suspect around) for the cameras... publishing the name, address, and photos of the "accused", within hours.
And, based upon the usual "letters to the editor" ANYONE accused is tried, found GUILTY, and sometimes... sentenced to "death" (by the local idiots)... before even a single piece of "evidence" is heard. In fact, some of these IDIOTS were actually demanding the lynching (and death) of the wife of a "suspect" (who the police flatly-stated was in no way involved, suspected, or being further investigated). Our "law-enforcement" aren't just "idiots"... they are psychotic-thugs.
"About 201 million American households use wireless networks to connect to the internet." Phew, Amerika seems to have got a lot bigger all of a sudden, there was only about 115 mil a couple of years back. Obviously immigration is out of control, or did they take over Europe while we weren't looking?
Well, there are over 300 million Americans (restricting ourselves to the usage meaning people from the USA), and, it seems to me, growing the usage of wifi from 115 million to 201 million in a "couple of years" when that is one of the biggest growing computer related tech areas during those two years doesn't seem unusual, nor does it seem to require any excessive immigration or annexation of a continent.
Households != Population
Whilst there are well over 300 million Americans each one of those does not constitute the definition of a Household. Not all Americans live on their own, many come in "family packs" which constitute a household instead.
Therefore growth of approx 115 million households to 201 million households is either massive population increase or a whole lot of families splitting up and living on their own.
No, that doesn't add up.
There are 312 million people in the US, but an average 2.55 people per household. There should be only something like 122 million households.
In fact, reffering back to the AP story, I see it's a misquote. That was supposed to be 201 Million households WORLDWIDE.
"worldwide" instead of "US"
You mean there's civilisation outside of the blessed US of A? Beyond Alaska?!
The mind boggles.
You don't say...
"It seems just as easy to draw the conclusion that mere use of an IP address shouldn't be grounds for armed police to raid a person's home"
Plus 100... I'm old enough to consider the provision of an unsecured network a public service; a matter of good neighbourliness. Of course I have a second, secured, network for our own private use.
Definitely a case for severe education of law enforcement; the cops in this raid clearly acted as though he had already been convicted - note, it was him they arrested, not his wife, they *assumed* it had to be him. Lawyers who pursue file sharers are already learning this the hard way. Lawyers who pursue cops are probably already salivating.
Just makes me
glad that I installed CAT5 cables everywhere in my house
"what ya doing that for? wireless is easier" cried my friends
"yeah , but no bugger is gonna leech kiddie pr0n off my connection"
"yeah , but no bugger is gonna leech kiddie pr0n off my connection" Sorry, when I first read that it came across as ""yeah , but no bugger is gonna leech kiddie pr0n off my collection" and was already dialing the police when I realised my mistake :-)
Tin foil hat for sale
"Tin foil hat for sale"
Does it protect against wi-fi?
Thanks for including that last part
That's my take on it, as well. I've been known to use open wireless networks from time to time. So I figure it's only fair to let other people use mine. Stories like this give me pause, but considering how many wi-fi networks there are and how many of those are unsecured (28% according to wigle.net), these few incidents represent a very small risk, literally less than one in a million.
Wireless: open, to accusations
> I figure it's only fair to let other people use [my open wireless] . ..., these few incidents represent a very small risk, literally less than one in a million.
I have to admire your altruism: being prepared to get arrested and charged with child pornography (which as has already been said is a guilty: with no chance of removing the stigma, offence) just so that some anonymous strangers can get internet access for free,
Couldn't agree more!
You're far better people than me in allowing people free access. I think my wireless network is the only one bothering to use any encryption in my street.
I've even warned some of the neighbours about this sorta thing only to have them shrug!
I suppose the silver lining is in that anyone wanting to get upto something will leave my connection alone as it's easier to access SKY181 or [insert_easily_researchable_router_model_with_default_admin_passwords] down the road... *shrug* =)
I wonder how things would go in the UK with BT's home supplied routers which act as FON hotspots for anyone with an account. I don't know, as I don't have either the AP or an account, but I hope for the broadband customers sake that BT can and do log access made via these hotspots.
The BT FON acts like two separate routers. People connecting from 'outside' use a different SSID and get a different IP address. I don't know what MAC address the router presents though so it might still be possible to trace the data back to a particular box. I would hope that when BT were contacted they would be able to explain that it had nothing to do with the owner of the box and they should pursue the FON account holder.
The FON still shows the same external IP as accessing the website as the real account holder. For the police to access the account holders information they must contact BT and request details. Which at this point BT will supply both access lists for the real router and also the Fon router.
I am not on BT but bought a FON router for £40 so I can use for free any of the millions of BTFON HomeHubs all over the country. For my part of the bargin I just leave the FON router plugged in to my LAN.
Any users do not come out of my IP address, they are routed to come out of BT's. Since they sign in BTFON has a record of their connection including their name and any details linked to their BT Internet account.
You are .......
JOKING I hope!!!!
BT will Hahahahahahahehehehehehehahahahahahaha
I had same thought.
Are fon hotspots logged?
Who is liable if pron is d/l'd on a router hosting one.
Will BT help defend you if the rozzers come a callin'. (I doubt it very much)
Nice in practice but FON have never been the most customer focused company. This has been raised before many times on the FON boards and the answer is alweays to bury heads in sand and say that is not an issue.
Lets face it just like in this case the police WILL assume the owner is at fault, they chose to share the connection and assume they are guilty.
Many Many people have BT FON because they don't know better and are opted in by simply using the BT homehub. You could always get free access on FON by signing up as a "alien" with a email account and watching a advert. Add in disposable hotmail / yahoo/gmail accounts and the downloader could be effectly anonymous.
With free wifi being more common in pubs, cafes, shops etc Fon's time has been and gone, unfortunalty it's security hole will linger on for BT customers.
I think, this is part of a bigger "security" picture.
Currently, the "authorities" are trying to promote the legal-fiction that anything that can be done with "your IT property" (stolen, borrowed, or not) is YOUR legal-responsibility. This (along with the boogy-men of; "child porn", "crime", and "terrorism") is being specifically used to justify the entire notion of external-control of your computer, and Internet, usage (such as being forced to run a "trusted" , locked-down, computer that only does what it is allowed to, by various government, and private, interests... as specified by government "regulation", and imposed by your ISP).
Bye, bye privacy, freedom, and rights... Hello, special-interest, police-state.
Re: "I think, this is part of a bigger "security" picture."
The phrase is "Unstoppable march to the utopian police state". Aided and abetted (in the UK) by the likes of the Daily Fail and other self appointed vigilante groups".
As for the "milion CP images" referenced, it sounds like the police are systemically failing to do what they are paid for (there's a first.), ie blocking this filth at source.
Unless of course, they just don't care...
In the 'great land of the free' called USA. A million child porn images could constitute a video. There are guidelines written for them for the evidence that is found that I think every minute of video is classed as 1000 images.
This is how they get such large numbers.
"Currently, the "authorities" are trying to promote the legal-fiction that anything that can be done with "your IT property" (stolen, borrowed, or not) is YOUR legal-responsibility"
Roll on Apple making home routers then, coz we all know we don't actually own anything produce by Apple after all.
Where's my effin sarcy icon?
Interesting maths... Ignoring that only a fraction of the video frames are complete images, and most are actually transitional frames stored as differences to a complete reference frame, 60 seconds at 30 frames per second is 1800 images. So they could have hyped it far more.
I guess you don't have the Daily Mail in the USA to push this kind of mathematical correction!
If my router is leased from my ISP, it's not my property and my ISP is liable?
RE: BT's FON
To use the FON network (which is crap really, literally good enough for email but not transmitting a football game to your wife), you have to login with your email address.
@ anon where the media show up with the pigs, where would that be, exactly? Not many clues in your post.
As for the conclusion, open wifi vs over eager cops, I'd say it shows they're already watching everything we do online, ergo, act appropriately...
To the victim ....
To the victim whose home was busted by the police: Your ordeal, though unpleasant, has raised public awareness of Wi-Fi theft, and will probably save many innocent people from false arrests and false imprisonment. (In this world, there are many victims of false imprisonment, e.g. the innocent 14-year-old boy at Guantanamo.)
How do you know for sure the 14 year old was innocent?
I mean, if the chosen one believed Stan Shunpike wasn't a Deatheater, couldn't you be wrong too?
Yes, in fact, the 14-year-old boy was innocent ...
The 14-year-old (named Naqib Ullah) was innocent according to a secret U.S. intelligence assessment written in 2003. Thank-you for unmasking this, Wikileaks.
In an ideal world, we could leave our wireless open, creating a wonderful situation of being able to get a wireless connection almost wherever you are (in a town or city at least), safe in the knowledge that it would only be used for 'legit' (note the quotes) purposes and not for anything that could put us in legal endangerment or further create demand for 'nefarious' activities.
Sadly of course it's not like that .... I use mains-ethernet exclusivly these days anyway, I got fed up with the poor quality and speed of wireless (especially since I had to use the awful 'Orange Livebox' with its lack of external antenna, but thats a gripe for another time .. )
The point about an IP not necessarily relating to one person is the most interesting thing. I'm assuming that this person then got released because there was no 'material' on any of his/her equipment.
Someone else I think makes an interesting point about a defence for someone doing that by deliberately leaving their connection unsecured ....
This is news?
I knew this would happen as soon as I read about that BT thing where they "encourage" you to let random people use your WiFi connection.
No way will any law enforcement types ever understand this; anyone who allows their connection to be used is just asking for trouble.
Me? 802.1x .... forget it, bad guys!
If people are using long-range antenna to access the wi-fi points, how do they get found out?
Probably from the 18 inch long directional antenna bolted to the top of their chimney!
Talking of which, I should take mine down, I used to use it to share my friends wifi before I could get broadband, he was only 300 meters away but the phone lines took a different route to his house so were somewhat shorter, than mine, and not aluminium.
Hmm, and here I always thought the unobstrusive antenna of choice was a pringles can (empty). Still that would probably look odd stuck to the top of your boat/car/head :)
To WEP or not to WEP
Our network is WEP protected, but also non visible. You have to know it's name to connect and have your MAC address registered. It's the best I can do. I would like to WAP protect it but Mrs Muscleguy's PSP won't connect if it is set to WAP (don't mention connecting her XBox to it wirelessly).
Besides the neighbour's BT Openzone is a far more tempting target ;-)
Im sorry to pop your bubble Muscleguy, but the clients that are connected to your "hidden" network broadcast your SSID and their MAC address. That anybody who may be listening to can then capture.
I was on a Microsoft training course a while back when they told us that "Hidden SSID and Mac Filtering is the best form of wireless security for enterprise networks"
Also to connect to open BT Networks (BT Openzone, The Cloud, BT Fon etc) You need to log into it or buy credits with a card
Bad news. Your connection could be breached within minutes.
Hiding the ID doesn't make your network invisible, it just means the ID has to be provided by the connecting party as another form of confirmation. The trouble is if you are using your wireless network, that "secret" ID is whizzing about in the airwaves all the time in the packets... And your packet are only encrypted with WEP.
WEP can be broken very quickly. Once the key has been extracted the next packet that comes past with the ID in it will be broken, and there is the ID, and a MAC address which you allow.
It will stop someone accidentally using your network, but to anyone who *really* wants to use it anything not secured by WPA2 is as good as open.
@Muscleguy - google Kismet, you may be surprised at some of the freely available tools out there.
There's also a 5 Gb password file out there somewhere that you can use once you have a copy of the encrypted WPA key (WEP can be broken in minutes) - so always use a non-word (non-substitution) WPA key, as the password files regularly take into account regular substitutions.
..bad news. You make it clear that you know the risks and that you know your network isn't very secure and you also state that a neighbour has a more easily hackable wifi setup. Nevertheless a load of smartarses on here are going to "enlighten" you with their wisdom about how easy it would be to hack your wifi.
Anyone who is prepared to crack your WEP key will have no problem identifing the SSID if it's hidden. Same goes for the MAC filtering. Yes it will deter the person walking by, but it will not stop someone who is a bit mroe determined.
Hiding your SSID is also not a valid seucirty method in my eyes, and also makes any clients that connect to that network less secure.