LITTLEBLACKDOG.COM

Posted: Tue Oct 21, 2003 4:32 am Post subject: "borrowing" wireless bandwidth

my laptop accidentally connected to someone elses wireless router in my home away from home last night and i decided to take advantage of the connection while i could (and still can).

i was wondering if there was any legal implications to this, and if so, are there documented cases of people getting in trouble for hooking on to other wireless networks.

i don't want to steal massive bandwidth or anything, just download my email, chat on aim, post on lbd occasionally. i have no malicious intentions whatsoever.

what do you guys think?

Leg Humper Joined: 16 Jan 2002 Posts: 5484

It's illegal to cut into a computer network, just like it's illegal to tap a phone line.
Special agent Bill Shore of the FBI has this to say:

Quote:

"... there may be criminal violations if the network is actually accessed including theft of services, interception of communications, misuse of computing resources, up to and including violations of the Federal Computer Fraud and Abuse Statute

If you're going to do it, be aware of the potential consequences.

Posted: Tue Oct 21, 2003 5:03 am Post subject:

If I caught you on my networks I would prosecute you. You could do the right thing and tell the person (must be nearby) their network is wide open and you can connect to it, offer to secure it, and maybe trade it for some temporary bandwidth.

Leg Humper Joined: 16 Jan 2002 Posts: 5484

EdisonRex wrote:
If I caught you on my networks I would prosecute you. You could do the right thing and tell the person (must be nearby) their network is wide open and you can connect to it, offer to secure it, and maybe trade it for some temporary bandwidth.

now that is good idea !

Posted: Tue Oct 21, 2003 5:42 am Post subject:

Quote:
If I caught you on my networks I would prosecute you. You could do the right thing and tell the person (must be nearby) their network is wide open and you can connect to it, offer to secure it, and maybe trade it for some temporary bandwidth.

That's a risky propositional this day in age, most companies tend to get real paranoid & threaten legal action when they are made aware of vulnerabilities or exposures

Best bet... be safe... stay on your own network

Posted: Tue Oct 21, 2003 5:58 am Post subject:

This brings up an interesting question:

If someone sets up a wireless hot-spot and decides to leave it open for public use, how do they notify anyone of that? And if you stumble upon a hot-spot such as you did, how does a user know whether or not the connection was left open on purpose, or by accident?

Posted: Tue Oct 21, 2003 6:04 am Post subject:

Dunno...

maybe something as simple as posting signs near the hotspot, wireless LANs can only be extended so far without some kind of antennas or signal boosters.

or maybe make some kind designator in the SSID... say PUB or OPEN?

just a thought

Posted: Tue Oct 21, 2003 6:44 am Post subject:

Quote:

That's a risky propositional this day in age, most companies tend to get real paranoid & threaten legal action when they are made aware of vulnerabilities or exposures

Best bet... be safe... stay on your own network

I would think a private residence or small business wouldn't act like a large one, and hohlecow wouldn't actually have to admit to gaining entry. It's more like walking down the street and seeing an open door, it's ok to knock on the door and when someone answers you say "hey your door is open you should lock it, I thought you might want to know".

Of course all of it is risky. Like I said if I find anyone on my network I'll go for blood.

Posted: Tue Oct 21, 2003 12:14 pm Post subject:

EdisonRex wrote:
If I caught you on my networks I would prosecute you.

Fair enough, but I would guess, knowing you that your networks are more than likely set up tight enough that you would know that a person on your network means that they got in intentionally.

My question to you is, would you still prosecute a person you found on your network if you had an unsecured wireless network setup?

I understand that legally, you DO have grounds to prosecute someone for network invasion even if it is due to your own carelessness or ignorance, but would you actually prosecute someone who stumbled onto your wireless signal that you did not bother to secure?

And at what point would you prosecute?

Scenario 1) 3rd party computer has automatically connected to the wireless signal, unknown to the owner, and is sitting there pulling an ip address and being a member of your network.

Scenario 2) 3rd party computer has automatically connected to the wireless signal, and is sitting there pulling an ip address and being a member of your network. The owner notices and starts "borrowing" your Internet connection

Scenario 3) 3rd party computer has connected to your network and the owner is actively browsing your network.

Personally, if I found a person on my network at all, I would be double checking my security settings and make sure that there is no possible way that their PC just stumbled onto the connection. Then, after I had made sure it was tight, and kicked them off my network, I would watch to see if they cam back. If they did come back, then it would be time for prosecution... but most people aren't as trusting as I am. And most people (non-geeks, I am speaking of here) would automatically assume that the fact that you are on their network means you "hacked" them, and would freak out, since the average Joe does not understand WEP and SSID security, much less MAC authentication.

Posted: Tue Oct 21, 2003 12:31 pm Post subject:

TheGodAnubis wrote:

Scenario 1) 3rd party computer has automatically connected to the wireless signal, unknown to the owner, and is sitting there pulling an ip address and being a member of your network.

No, I would not prosecute.

TheGodAnubis wrote:

Scenario 2) 3rd party computer has automatically connected to the wireless signal, and is sitting there pulling an ip address and being a member of your network. The owner notices and starts "borrowing" your Internet connection

Maybe I would, maybe I wouldn't. If they were aware they were on my network, I'd be more likely to, than if they were just randomly going on and didn't seem to know any better. If they were using a large amount of bandwidth, I'd also be more likely to.

TheGodAnubis wrote:

Scenario 3) 3rd party computer has connected to your network and the owner is actively browsing your network.

Yes, I would.

Scenario 4) 3rd party computer has connected to my network and the owner informs me of such as a common courtesy.

No, I would not immiediately prosecute. I would however do an immiediate job at securing the network and then audit everything to ensure that a) nobody else has broken in and b) nobody (including the samaritan) has compromised anything vital.

All of the above is dependant on if I had an unsecured wireless access point, and not somebody getting on a secured network. So right now, if I have a wireless access point, then I would find out where it was on my network, and then a) tell the manager who connected it to tell me before doing things like that and if they need it I will secure it for them, b) tell the other IT guy who connected it to tell me before doing things like that and to make sure he secures it (after which I would test his security), or c) disconnect it and bring it to the attention to management and hope for disciplenary action.

Basically, the only person I would expect to put up a WAP is the other IT guy, we've already discussed it, and since he sits right next to me I'd most likely either be made aware or notice.

Posted: Tue Oct 21, 2003 12:34 pm Post subject:

lyttek wrote:
If someone sets up a wireless hot-spot and decides to leave it open for public use, how do they notify anyone of that?

Stick flyers all over the place.

http://www.looseconnection.com/

Moderator Joined: 26 May 2001 Posts: 8155 Location: Borneo

What if you setup a connection up for the world to share. If you setup a ftp server with user anonymous and "no" password and i login to your computer than i assume that what i do is legal and if i use my laptop and get on your wireless network under the same circumstances than i assume your ok with that.

I don't think hohlecow hacked himself in the network but just tried autoconnect (or whatever the term is, not really up-to-date with wireless)) so he can assume that what he does is legal and completely above the board

Posted: Tue Oct 21, 2003 1:33 pm Post subject:

Wow... this kind of reminds me of the whole RIAA/p2p thing. Technology lets us do something new and then we gotta figure out if it's legal or not.

I think csign makes a good point. And it makes sense to me as long as that's all you do when you connect (Accessing purposely available local network services). But if you connect and then use their ISP to connect to the internet, I think that's crossing the line. Basically you could call it stealing. But there we go again... talking about stealing intangible things again. Confused

Posted: Tue Oct 21, 2003 1:51 pm Post subject:

If you found $20.00 on the street could you be prosecuted because it belongs to someone else?

If you use autoconnect and you happen to be on someones network without your knowledge, I don't see any negative legal implications in that. For example, you go to your local coffee shop which has a public wireless hub and you connect but you connected accidently to the guys network 2 doors down. I guess the question here would really be intent. Did you intend to do it or not?

Posted: Tue Oct 21, 2003 2:09 pm Post subject:

hrbib21 wrote:
For example, you go to your local coffee shop which has a public wireless hub...

that's exactly why i leave it on, you never know where there might be a wireless connection. the airport in st. paul has one i stumbled upon which has a proxy set up so you have to pay to use. i didn't see any signage advertising it, but it was still available.

i wouldn't have even known if i didn't get an im out of nowhere (which was really weird considering i didn't think i was connected to anything).

i guess i'll try to track down who it is and leave an anonymous not on their mailbox. if it's still up next week, it won't hurt my conscience to continue using it.

i did check to see if the default password was still being used on the router (you can't stop a dog from sniffing around new territory), and that had been changed, so that means the user is at least somewhat compitent (unless they're forced to do so by the router setup) as far as i could tell, there wasn't anyone else even connected.

if no else is on the network, and therefore not using any bandwidth, is it really stealling bandwidth? as soon as i disconnect, all their bandwidth is fully restored.

i didn't intend to connect, but i may or may intend to stay connected... we'll see which case gets more support.