CNN.com – Man charged with stealing Wi-Fi signal – Jul 7, 2005 — How can this be illegal when the computers often latch onto the wrong signal by themselves? This is going to create a lot of trouble for the justice system if they prosecute! My PC Magazine column here discusses the ramifications. The fact is that it should be public policy that an open unencrypted 802.11 signal be public domain once it leaves the premises.
ST. PETERSBURG, Florida (AP) — Police have arrested a man for using someone else’s wireless Internet network in one of the first criminal cases involving this fairly common practice.
Benjamin Smith III, 41, faces a pretrial hearing this month following his April arrest on charges of unauthorized access to a computer network, a third-degree felony.
Police say Smith admitted using the Wi-Fi signal from the home of Richard Dinon, who had noticed Smith sitting in an SUV outside Dinon’s house using a laptop computer.
found by C. Groves
Here in Portugal, one operator (Netcabo) is selling wireless kits. However those kits make no mention whatsoever to security, how to protect your AP, how to encrypt your data, nothing, zip, nada! Maybe as a result, near my house there’s around 20 or 30 unprotected APs, all called linksys and with admin/admin as the password…
Now, I didn’t buy one of those, but being new to wireless I got a wireless G router – a linksys, as it happens. A few days down the road, still learning, I started protecting my point. However, new as I was, I was doing it from the wireless PC, not a wired one. When I realized it, I had *thoroughly protected a neighbours AP*, with 64 bit WEP (with was a wireless B AP), MAC address filtering (accepting only my MAC, of course) and new pwd for the admin account… The legitimate user, whom I don’t know, most likely lost all his access in that period…
So when I noticed what I had done, I had to reset his router and then configure mine the right way – through a wired link.
I agree with you that when signals get out there they should be public domain. However, the seller of wireless kit, especially if they are broadband providers (as in this case) MUST be forced by law to make it very clear how to protect their signal, especially if the end user s paying for volume traffic. If that doesn’t happen, then I think that, as a result of lack of knowledge on the part of the user and lack of information provided by the seller, the ISP should be liable for losses if anyone latches on to the signal and starts using all that bandwidth, knowingly or not.
It has already happened to a few people here, who thought it would be ‘cool’ to have wireless – and it is – but didn’t know a thing about security – as most ‘common’ folks don’t. They found later in the month huge traffic fees in their monthly bills – you see, Netcabo charges for traffic over a pre-established volume.
Now, isn’t that a nice, dirty, business model for the operator? Don’t tell the user someone else can use their connection. That way he may end up having to pay us loads of cash! I actually think this has been discussed inside Netcabo and a decision to not do a thing has been deliberate! I have no evidence, of course. This is just speculation. Just think:
– cost to make users aware about security – x million bucks
– cost to teach users how to activate security features in their kit – y million bucks
– cost to train support personnell – 20 bucks
– cost to take zillions of support calls – z million bucks
– profit (in the short run) if you do all this – maybe small, as users may realize they lack the expertise and stay away from the tech. Competitors would benefit too.
– cost of telling nothing – 0
– profit if you don’t say nothing – potentially huge
So it’s clear how such a decision could have been (and has, imho) done…
Most of the routers I’ve seen give instructions on security pretty clearly. It’s just not the default and people don’t bother to use it. The question I have is about your column. What software is Toshiba using to connect to networks? I have a laptop with the Connectivity suite that lists the available networks but no obvious means of connecting. However, if I disable Windows’ connecting to wireless, then the Toshiba connects automatically through some unknown software.
How was this case an accident? Did you READ the facts? Sheesh, man…do you EVER read the facts?
BTW, I’ll be over to your house later to steal all the water I need to fill up my pool. What, you DO have a lock on your outdoor hose do you not?
“How can this be illegal”
I think intent is the issue here. This guy was sitting in a SUV outside the apartment deliberately using the signal.
Ralphie, While on the subject of actually “reading.” Who said that this particular case was an “accident??” I’m wondering since I sure do not see it. Please cite the reference before you go off half-cocked. And what does this have to do with pool water where trespassing is involved. If you put the water in a public place, that would be a better analogy. Get off your high horse.
The way I see it, the fellow was in a public place and there was a signal violating his car. The 802.11 broadcaster should be cited if anyone should. If you are going to put law enforcement in the position of having to deal with this, it is going to be a taxpayers and legal nightmare. If you do not want to be poached then ENCRYPT!!! Is that asking too much??? Geez.
Hopefully the judge will see this and throw this case out. How can anyone defend this action?
Then bust the guy for loitering.
John is only half right. He’s ignoring half of the transmit/receive model.
Yes, if you send your signal into my SUV, then I can receive it, and passive signal reception that shouldn’t be illegal.
BUT, the guy in the SUV was also sending HIS signal into somebody else’s hardware, and using somebody else’s uplink connection. THAT is theft, plain and simple.
Dan
Damn it! I can always find an article in the online archives of our local paper — except when I really want it. I was going to offer a link from a recent article on how a number of local folks who can’t get broadband at their homes drive to any one of several local free hot spots and just sit in their cars using their laptops.
They’re out there at 2 in the morning in front of one local bakery and coffee shop. The newspaper interviewed one guy who’s out there just about every night. He can’t get anything but dial-up at home. He has a rocket connection at work; but, when he wants to get a lot done on his own time, he just hops in his car and drives over and parks in front of the bakery.
Cops don’t mind — once they found out what he’s doing there. And he keeps on eye on the shopping center while he’s there. The bakery leaves everything on 24/7 as a service to the community.
What would be the difference between this and a ham radio or CB operator? No one owns the radio waves. Both the radio operator and the accused here use transmitters to get their signals out.
If this case is not thrown out, then, as the site admin suggested, the base owner should be charged with radio interference.
I believe the prosecutor will try to make a deal so the guy gets a fine on a misdemeanor and it doesn’t go to trial. The guy will go along with the deal as it is too expensive to fight. The guy could also take it to the FCC, which would force them to act, and out of the hands of the local law enforcement.
I think this guy Site Admin got it right.
This would almost be like criminalizing the overhearing of conversations in public places.
Be great for our CA trial lawyers, though.
John, you are exactly right. Somehow people have it their head that they can broadcast a signal and then incriminate people that pick it up. This is like yelling secrets at the top of your lungs from your door and then arresting people that listen.
IMO, if you broadcast it over the airwaves anyone it’s far game for anyone listening. You thwart people unfairly receiving your content through encryption.
Unfortunately, the second worst law ever written, the DMCA, prevents people from attempting to break encryption routines. (The assault weapons ban has the title for the worst law ever written). The effect is that encryption routines are weaker as there are fewer white hat hackers that attempt to break it. But that’s another discussion…
OK, this is just dumb anyway you look at it.
1. The guy with the wireless router should turn on basic encryption. It’s simple and it keeps out the common riff-raff. Just about every wireless router on the planet has WEP or WPA built in. Use it!
2. The guy “stealing” the bandwidth was dumb for sitting in his car to snatch a signal. Go to Bruegger’s or the local library for FREE access!
3. The police were dumb for actually arresting the guy. Come on!
Comments? – Feel free to post em here: http://www.mason23.com/blog
Do you arrest people for peanuts?
I mean… yeah, the man was stealing, but come on… to be fined or forced to pay some other sort of financial compensation would seem fair… but to arrest the man?? Don’t you have REAL criminals out there needing to be arrested first, like murderers, rapists, etc. I mean, do you think the victim wouldn’t feel justice had been done by simply having been compensated for any lose. Maybe he didn’t even have any loss at all? If someone used my access point, as long as my total traffic didn’t exceed the limit my ISP allows me before charging more than my monthly bill, and as long as he did it when I wasn’t using my internet access, so I wouldn’t notice a slow down, then I wouldn’t have felt any damage whatsoever.
Have you ever seen Les Miserables? Of course you cannot compare steeling bread to eat with steeling someone’s bandwidth. But there is one similarity, the very low value of what’s been stolen. It’s just like arresting someone for steeling candy.
I’m another Portuguese who has Netcabo access. Being a software developer, I bought my own wireless router (instead of buying a kit sold by the ISP) and configured its security right away… I did feel that an ordinary user would have very easily skipped that step because of not even being sensitive to the issue. Maybe routers should be built differently.
I find it interesting that the charges stem just from using the network.
My current Cable (and previous DSL) connection are (were) flat-rate systems – so a “poacher” would not cost me any money. My only complaint might be if the “poacher’s” bandwidth was causing a noticeable slowdown in my downloads.
Sounds like a “victimless” crime, to me.
“The way I see it, the fellow was in a public place and there was a signal violating his car. The 802.11 broadcaster should be cited if anyone should. If you are going to put law enforcement in the position of having to deal with this, it is going to be a taxpayers and legal nightmare. If you do not want to be poached then ENCRYPT!!! Is that asking too much??? Geez.
Hopefully the judge will see this and throw this case out. How can anyone defend this action?”
Amen! As well to several others here. It’s super-easy to psot “No Trespassing” signs on one’s wifi hotspot; neglecting to do so is as innocnet as picking wild berries in an apparently open field on the side of the road. Hopefully the judge / jury / defense will see that.
I haven’t seen your take on these guys yet. Hopefully they, with their claimed 40x expanded bandwidth on practically every frequency, will make connectivity so cheap that stories like these will become as common (and laughable) as lawsuits against a passerby who paused to enjoy the scents and sights of the flowers in his neighbors front yard.
Is it possible to get a wi-fi router that gives preferential treatment to selected addresses? This way, noone could slow down your own usage,but you can still share excess with others.
A better analogy of the water would be if the guy left his hose running and it ran down the driveway and on to the street and then had someone arrested for stealing the street water. The point is that it is not unrealistic to believe the person is providing “community” access as a nice guy as opposed to just being ignorant of how he can connect to this router without wires. For this case to be even remotely valid would have required the “victim” to have warned the “perpetrator” that he wasn’t allowed to use his “published” access point. If they begin to criminalize taking advantage of stupid & irresponsible people then they’ll have to start with the entire marketing industry.
AB CD, in principle all routers can be configured to do something called MAC Address filtering, which basically is ‘talking’ ONLY to the PCs whose Wifi cards MAC addresses are on the list you define on the router – or the opposite, not talk to those on the list.
It’s very easy to setup, however, for non-techies it *may* look complicated, and the required trials and errors to get it working, if they never done it before, may be enough to convince them they’re not doing it right and give up.
I hope manufacturers come up with some very simple, very secure way to do this, maybe pressing a red button on both the router or the card or something… No web configs, no nothing – just press those buttons at the same time… And then they’d get synched forever more…
I dunno, I’m sure there’s lots of clever people working on this – it’s just that they have to make it as simple as turning on a TV. If it’s as complicated as setting the time on the VCR… well, you know…
MAC address filtering as a Wi-Fi security measure is highly overrated. Most cards allow for users to set the MAC address themselves. On an unencrypted transmission, it is a piece of cake to pull a MAC address out of the air and assign it to your card.
Encryption is BY FAR, the best means to protect your network. Beyond WEP and WPA, you can use things like certificates and VPNs to increase security.
MAC fitler is another form of “security through obscurity”.
Stealing? Hardly. If they sniffed the airwaves they would have seen that the owners router issued a DHCPOFFER, as in OFFER. He offered his service whomever REQUESTED it. If I request to use your water spigot and you have a robot that says yes, I guess you gave permission. His router gave permission by offering the DHCP IP. If he didn’t want people using his router, he should have turned off DHCP. Pretty simple stuff.
This should die soon in court. The owner was lazy, or ignorant, but willingly gave the service.
I agree with the aspect of using a connection if the owner does nothing to protect it. Even the smallest security measure. This though I think is different because he was in a residential neighborhood at night. When someone was checking him out he left. Then he returned later!? I would call this suspicious behavior. A more open public area, Library, Panera, Bruggers, would not find this odd. But in a residential area!! There might have been something else involved here.
I thought that when someone doesn’t lock their wifi, that they are saying, “I’m sharing with whoever wants to use it”. I’m not kidding, I really believed this until I read today that it is illegal. But this was based on my assumption that everyone has unlimited traffic. I didn’t even know that there was such a thing nowadays as limited traffic except outside America. Another reason I assume they are intentionally sharing is because of what local governments and cafes are doing with their freebee wifi nodes. Our apartment complex has an open wifi and I’m sure they don’t care who connects. I’m too far away from the node though, so I just connect to whoever is ‘sharing’.