Oz cops turn to wardriving to fight Wi-Fi 'jackers

Buisness Oppotunity

A work colleague use to do the same but when he found a street full of unprotected Wi-Fi he would put flyers through the doors offering services to configure there routers for a nominal fee (and he was the security guy for our office)

To what end?

What crime is being prevented? It's rather annoying that someone would piggy-back uninvited on your connection, but is it even a crime, let alone a threat requiring police time?

The only possibilities I can think of:

- downloading pirated stuff (civil rather than criminal offence?)

- sharing illegal stuff (changes of that seem vanishingly small)

- snooping on broadband owners usage for credit card details etc (a lot of effort for minimal return).

I think the police are wasting their time here.

Wardriving?

Or fishing expedition?

No clue

WEP'd? WEP is about as secure as a car with the keys in the ignition. One would think that if they're going to be dictating to people about security, they'd at least do enough research to make that "advice" useful.

Meh!

Forgot the tagline:

Jesus WEP'd!

Cue:

Loads of whiney comments along the lines of: "Oh noes WEP as insecurrs anyhows. OzPlod shud be arks for WPA / TKIP / <whatever>, is most silly har har"....

Probably followed by someone blaming Microsoft........

cops breaking the law

By doing this surely the plod are breaking the law themselves, clearly they are attempting to gain access to private networks if they test default passwords.

Ahem... *cough* *cough*

OK, so they see open or poorly secured APs via a scan. What then? Will they go knocking on a number of doors asking "Sir, ma'am, do you currently possess the insecure AP we're looking for?"

Not sure they've yet realised that an AP's radius can easily encompass multiple housing units or offices. Somehow, I don't think this perhaps well-intentioned action was fully thought through.

Security Overload?

Many networks have no encryption for a good public purpose. Proper secure authentication can only be done upstream. I wonder if the cops realise that and don't start a campaign that can damage these services?

What about....

...if I choose to leave my router unsecured so that other people can use it?

Stupid.

Checking the password

Presumably the only way they can check for the default password is by using it to log on.

Are they breaking the law by doing that?

And are they *all* going to be able to resist the temptation to have a fishing expedition round the local network's files once they're logged on?

Ahh, the "anti-piracy" lobby...

This is nothing to do with security.

If you have an unsecured wireless network and don't feel like putting money into the hands of the wankers in the MPAA and RIAA, you can just state that someone else must have been using your connection (if you're not a complete moron, IP logs will be all the evidence they have).

If it's got WEP, even though WEP is as secure as a bundle of £20 notes with a "Please nick this" sign in the middle of Chav Central, you lose this defence; you didn't secure it *enough* so they're coming for you anyway.

Poor "quote"

"Look guys, another 'Belkin54g'..."

Retaining the default SSID does not mean the WEP / WPA key has not been set.

Re: David Haworth

So, by your reasoning, If I leave my car unlocked with the keys in the ignition it isn't theft if someone jumps in and drives off?

It's amazing how dishonest people always manage to justify their actions somehow. Hollywood charge too much/their films are crap/the cd I wanted wasn't available/was drm'd etc etc.

@Chronos

As 1st commenter said, WEP suggests that you don't grant access to anyone who connects. So you should be legally far clearer if you DO get caught doing anything illegal- even if they do have a clever lawyer.

Also, some devices don't support WPA and WPA2. Can't think of any common ones off-hand, but the Police really should be working with the lowest common denominator- and unfortunately that's WEP.

And of course...

... they're not using the unsecured systems to download lots of porn....

@David Haworth

I've always maintained:

that there is justification to say that taking a car where the owner leaves the keys is allowed as you've already asked permission...that the user didn't intend it is by the by. they are responsible for their car.

that there is justification to say that entering a home and taking what I like when the owner leaves the door unlocked is allowed as you've already asked permission...that the user didn't intend it is by the by. they are responsible for their home.

And to really blame the victim

that there is justification to say that having sexual intercourse with a woman too drunk to stand-up is allowed as you've already asked permission...that the user didn't intend it is by the by. they are responsible for their drunken state.

Police use WEP

Chronos - LOL - very good comment!

Maybe the crims should use the police WAP if they only have WEP :)

@Bumpy Cat

When my mates mum had broadband first installed, they never secured it and the bloke next door used it to download his kid pix

This and all your suggestions are crimes that can be prevented (or at least your alledged involvement with them) by securing your wireless and as lots of people don't know about it.....

Unsecured WiFi presents a big problem to police...

I suspect there's a hidden agenda behind this move, as they are clearly spending time, money and resources on this task, so someone high up has to ok that spending spree. Its very likely unsecured WiFi presents a big problem to police. After all, Terrorists (hiding on every street corner) can tap in and use connections, which the police monitoring ISPs cannot pin onto the downloaders as the downloaders look like the company connected to the ISP, not the wifi user, they cannot directly spy on and catch so easily. (But with a growing list of unsecured WiFi, they can at least pin point locations where crimes maybe commited).

The thing that makes this far more likely is if you replace the word Terrorists, with “Music & Film Downloaders”.

Then add in the occasional political activist who dares to speak out against their growing Nanny State (soon to be hopefully seen by more people as a growing Totalitarian State). Someone speaking out like this would be ever more forced to use wifi as their only safe(ist) way to speak out against their growing total control regime.

How long before we have a major push like this in the UK to silence WiFi avenues of decent. The big corporations, (especially film and music businesses), combining with politicians working together to force their collective will onto us all (for their own gain). They all have a vested interest in silencing freedom of speech and so freedom to share thoughts on the Internet. After all we may not like their growing plans to control the Internet (and micro manage our lives, so they can "monitise" our lives for their own gain) and we may actually start to get angry enough with them all, to start saying that out loud. Enough people standing together can oppose them and they know it. Thought Crimes need to be crushed. Decent needs to be crushed. Groups need to be broken up. We cannot have growing groups of people standing together against the people in power. But social control is hard to sell, so we need to sell control as freedom from fear. Fear the dangers all around. After all we only aim to protect you, honest. You can trust us, after all, you are safe beneath our watchful eyes. Go back to sleep now. Try to think of other things. Here we will help you. Have you heard about that terrible flu epidemic going around.

Its no wonder they hate open WiFi as its gives some small freedom from ever growing control. This isn't just about WiFi its about control (as usual, because control brings personal gain for the people in control, but they have to convince us to let them control us all. What better way, than keep marketing fears to us).

Why bother?

So what...someone else uses my wireless connection...the illegal stuff will be on none of my computers, so there's no evidence that I did anything wrong. And all forms of wireless "security" can be cracked,given enough time. And there's the hassle of allowing friends on the network when they pop over for a LAN or whatever. To heck. Leave it unlocked. Open door policy:)

Don't pull the pin...it'll never go off.

@ Those who say David Haworth is wrong

Your analogies are flawed. Accessing an open wireless connection is NOT the same as going into your house / taking your car / using your garden hose / whatever.

A better analogy is, if you dump your furniture on the sidewalk with a sign saying "Help yourself", then is a person committing a crime if they take it? No. Or another analogy is if you leave your front door open with a sign saying "Open to the public - Come on in!"

Firstly, your wireless connection is broadcasting into public space. If I have to go onto your property to access your connection then you have a case. But if your wireless is broadcasting onto my property (or into public space), then Alpha Tony's apple tree analogy applies. In this case, it relates to the part of my analogy above where you put your furniture on the sidewalk.

Secondly, that your unsecured wireless EXPLICITLY GRANTS PERMISSION when another computer connects to it corresponds to the part of my analogy where you put a sign on the furniture saying "Help yourself".

I've often been using my laptop in the passenger seat of a car or on a bus and it's connected automatically to someone's nearby unsecured network while in range, whether I want it to or not. You can't accuse me of anything if your network openly invites any nearby computer to connect to it - the equivalent of the sign on your door saying "Open to the public".

The bottom line is, if you choose not to secure your wireless connection, there is no crime in someone on public or neighbouring property connecting to it. It's not about "justifying" anything. It's about reminding moralising do-gooders like yourselves that want to criminalise anything not explicitly permitted, that some people do like to share and if you don't then bloody well secure your wireless and deny permission to access it. Take the signs off your doors, idiots!

@ Alpha Tony

"By Alpha Tony Posted Friday 17th July 2009 10:11 GMT

Out of interest, what is the legal position when your neighbour is broadcasting their unsecurred wireless network onto your property? I mean if their apple tree overhangs my garden and there is an apple on the branch overhanging my lawn I figure that I am entitled to eat that apple.."

In the UK at least then you would be wrong, just because something is in/overhanging your property does not make it yours. Look at it another way, if a £50 note was blown from you wallet and landed in someone else's garden you would not think it had suddenly become theirs for the taking, would you?

The same is true of a WiFi signal, there is a protocol for devices handshaking, that does not mean it is either lawful or morally right to use a service that someone else is having to pay for just because they have not secured it.

WEP

So WEP might be vulnerable, but it's at least like locking the doors to your car. If someone really wants access to the inside they'll find away.

I've seen demonstrations of WPA being cracked too, and MAC addresses can be spoofed, so what do you uber-security gods suggest?

People would be better off if they didn't leave the things on all day every day. I agree that it's no different to the police trying your front door handle.

The testing of default passwords does provide an interesting debate though...

Paris, because I couldn't find a suitable "Face-palm" icon, it's Friday, and let's be honest, you wouldn't say no, would you?

Another Analogy...

Just out of interest, what would be the legal position if someone you invited into your house (e.g. for a party) started selling drugs? Are you, the house owner, responsible for their illegal activities, or are they?

If it is the former case, then that is the same as someone who owns an unsecured wireless access point being responsible for what users of that access point do.

personally, I believe that it should be the individual users of the access points who are responsible for their own actions (e.g. downloading illegal material), not the access point owner. Thus, there should be no need to secure your access point if you don't want to.

Aww, fer cryin'....

Pissing about using WEP instead of something more robust is like pissing about not having a deadbolt with specific security enhancements over just locking the doorknob.

The point is: Most criminals are looking for the low-hanging fruit. Why bother cracking an encryption or picking a lock when there are so many unencrypted APs and unlocked doors? Can't get in? Well, let's just keep moving. WEP may not be much, but it's enough to keep 95% of the plods from trying you on and moving on to the next network.

Also, this seems to be "bad analogy day" here. There is no explicit dialog between you and your neighbor if you take his garden hose without asking and use it to fill your swimming pool. Nor is there an explicit dialog if you leave your keys in the car's ignition and someone takes it. There is an explicit dialog between your unencrypted AP (a proxy for you, as you set it up, offering open service) and the crook's laptop stealing your services (a proxy for him/her asking for a connection).

Your garden hose is not a proxy for you, nor is your car.

And don't forget

To lock on your chastity belt on your way out the door.

@Trevor Watt

Actually, the Apple Tree analogy is correct: in the UK at least, any crop that overhangs your property is yours. Ironically, the wood that it grew on is not: you are allowed to trim back to your boundary, but the trimmings must be offered back to the 'owner'.

Back to the point - what a waste of time, unless of course, the authorities are doing far more monitoring than they are telling us about...

Another analogy?

Kind of like putting your TV right up to the window so you can watch it from the garden, having passers-by watch it from the pavement outside your driveway.

Or a hosepipe left running off your property - is it theft to collect the water in a bucket to fill your swimming pool? That's more like it...

Pot meet kettle

They need to start in their own backyard first. Recently I was called for jury service in the District Court in Ipswich (Qld) and took my Eee PC along loaded with an E-book or three. As soon as I started it up it detected an unsecured wi-fi network, the Qld Court network. I did logon and got access to the Intarwebs, just to see if I could. Not much point in going around checking for unsecured citizens' wi-fi when one of their own is wide open!

And yes, my own net IS secured!

Anonymous for obvious reasons.

yet another analogy

Try this one on for size. You have a Porta Potty (portable outhouse/bathroom) on your sidewalk. Do you expect someone walking by, or your neighbors outside not to use it (if they need it) when you leave it with the green sign saying open. Now if you put a lock on that out house people breaking the lock would be breaking in, or if you just tie it closed with a wire, that would be like using the default password for your router. Putting the Porta Potty in your backyard or in the garage would be like not broadcasting your SSID.

Porta Potties are a common convenience when there is no easy way to have a bathroom close by, you can look at WIFI as the same, its a convenience. If they dont want you in, they can disable the broadcast of the SSID, password protect it, among many other things.

I am going to put the default password on my router and any access done by cops will be reported as unauthorized access to a secured network, of course ill put a sign in my window stating the wireless password so that others can see it, In small print it will say that I grant access to everybody except law enforcement personnel.

Theft of Service?

Attorneys I have consulted with maintain that for you to receive the signal, and any data that it contains, is legal. However if you use the connection, you are in fact stealing. What are you stealing? Bandwidth! Back to the hose analogy, you can look at my hose, even look at what's coming out of it, but since I pay for the water I am entitled to the use of ALL of it, so keep your hands off my hose! (Unless you're Paris)

This part of there Surveillance Operation

What I mean is that unsecured routers pose a risk to the governments snooping on it's own subjects. If IP addresses are not shared, they can monitor all Internet connections via the ISP's logs and hold the homeowner to account if anything illegal or politically upsetting is accessed via that IP.

The problem is that if people don't mind others accessing and using their internet connection anonymously and without asking, this scuppers the governments snooping operation. I'm sure that when IPv6 becomes the standard protocol, it will be made illegal worldwide, to share IP addresses, so that every activity can be monitored.

What, exactly, is the risk?

My brother maintains an open wireless network with a name of "Welcome!" I told him he was at risk. He asked, "Of what?" Good darned question.

- In spite of comments above, any prosecutor trying to prove he'd used the internet for anything illegal would have a heck of a time convincing a jury that no one had used his completely open network with a Welcome sign on it. They'd have to hope for forensic evidence on his laptop itself.

- He doesn't care if people read his e-mails. He and I grew up in the, "Sending it via e-mail is the same as posting it on the local bulletin board" generation.

- He points out that the external risks to his system are far greater than the risk of someone finding his open network and trying to hack into his router or laptop.

Anyone care to argue that running an open wireless network is a security risk to the actual person running the network? I'd love to hear reasons (beyond making the police's work more difficult) that he shouldn't be doing it.

Hummmmm

Looks like these plods found a good excuse -and the means- for surfing the net while on duty. As others have noted, finding the owner of the unsecured wi-fi spot could be quite difficult.

Paris, because she is also very good at mixing business and pleasure. :)

Title

This, of course, has been though through hasn't it? I mean the Police must have to access a secure site once connected where they can leave some sort of timestamp or official note and a letter sent from the ISP to the owner of the unsecured hot-spot?

Maybe I'm mixing up executing something Professionally with giving a load of cops overtime to drive about doing things they have no business doing.

Risks and analogies.

If you leave your router unsecured and I happen to join the network while your computer is on there is the risk I can gain access to your files. I can also exceed your bandwidth useage if you happen to be capped, leading to extra charges from your ISP. I could access your router setup page, change the settings and deny you access to your own internet (unless you are smart and know how to reset it to default, which is unlikely if you don't even know how to setup security). I could even flash a new firmware to the router including some unsavoury functions of my own.

Most of the analogies being bandied about here require little technical knowledge. Its not obvious to the average user how to setup their router, so if you steal their bandwidth you are taking advantage of their ignorance. Even if its not illegal (I think it is though) its morally dubious, and anyone with half a brain would know that.

I can't believe you guys are up in arms about this

Bottom line is, if I i want to do something bad, I am not going to do it from my own machine. if i can get on to an open wifi network (and it takes less time and skill to drive 5 meters down the road to the next house than it does to crack a wep key).

So if you leave you network open, 'because you want people to use it' you had better have a good excuse when somoene uploads a ton of kiddie porn from your ip address.

In court the bill payer is responsible!

So good on Brian Hay and his team for thinking out of the box.