Ethical Hacker Community Forums

Features => /root => Topic started by: don on January 03, 2008, 11:13:46 PM



Title: The Ethics of "Stealing" a WiFi Connection
Post by: don on January 03, 2008, 11:13:46 PM
Great starting point for a debate on the topic is a writeup by Eric Bangeman, Managing Editor of Ars Technica (http://arstechnica.com/authors.ars/I+Palindrome+I).

Quote
Network security firm Sophos recently published a study on what it terms WiFi "piggybacking," or logging on to someone's open 802.11b/g/n network without their knowledge or permission. According to the company's study, which was carried out on behalf of The Times, 54 percent of the respondents have gone WiFi freeloading, or as Sophos put it, "admitted breaking the law [in the UK]."

Amazingly, accessing an unsecured, wide-open WiFi network without permission is illegal in some places, and not just in the UK. An Illinois man was arrested and fined $250 in 2006 for using an open network without permission, while a Michigan man who parked his car in front of a café and snarfed its free WiFi was charged this past May with "Fraudulent access to computers, computer systems, and computer networks." On top of that, it's common to read stories about WiFi "stealing" in the mainstream media.

It's time to put an end to this silliness. Using an open WiFi network is no more "stealing" than is listening to the radio or watching TV using the old rabbit ears. If the WiFi waves come to you and can be accessed without hacking, there should be no question that such access is legal and morally OK. If your neighbor runs his sprinkler and accidentally waters your yard, do you owe him money? Have you done something wrong? Have you ripped off the water company? Of course not. So why is it that when it comes to WiFi, people start talking about theft?

The issue is going to come to a head soon because more and more consumer electronics devices are WiFi-enabled, and many of them, including Apple's iPhone and most Skype phones we've used, come ready out of the box to auto-connect to open WiFi networks. Furthermore, as laptop sales continue to grow even beyond desktops, the use of open WiFi is only going to grow along with it.


See full story here:
http://arstechnica.com/news.ars/post/20080103-the-ethics-of-stealing-a-wifi-connection.html

Don


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: dannioni on January 04, 2008, 06:56:12 AM
This is an interesting subject, I've had this discussion with my parents a couple of times :P. First, hacking an encrypted network is criminal; that's breaking into the house. But I use open networks to check my mail or just read on the internet, and I find nothing wrong with that; my little amount of traffic doesn't affect their internet speed, so most probably won't notice and even less care that I use their networks. No, if you want your network private you need to encrypt it. Fon (www.fon.com) is also worth mentioning. Several ISPs where I lived have forbidden their customers to provide free access to others, threatening to shut off their internet. So when did ISPs gain the right to tell us what to do with our connection?


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: vijay2 on January 04, 2008, 07:05:39 AM
This is a very volatile topic and always spawns discussions with security professionals. I would like to put in my 2 cents here; these are the results of numerous discussions with security professionals.

Beware of the law of the land if and when you use an open wireless network; mostly in the US it is illegal. The fine line drawn here is: as soon as you grab/obtain an IP address on an open wireless network without permission, you are in violation.

I picked up a great analogy: an open wireless access point is equated to a house door left unlocked, and in that context, if someone left the front door open it does not mean that you can go and break in and steal from the house.

Also, there would be cases where wireless access points are left open intentionally for phishing and to steal your information.



Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: dannioni on January 04, 2008, 07:42:41 AM
Yes, so the network is unencrypted and a DHCP server is offering IP addresses to *everyone* that asks; how can that possibly be illegal? I understand that many don't know what they're doing when they set up WLANs and their rights should be protected, but if you don't have a door to your house and somebody breaks into your house you won't get any money from the insurance company; the same should apply to WLANs.


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: g00d_4sh on January 04, 2008, 11:44:01 AM
It is kind of an iffy issue.  I have never thought of the 'leaving your door unlocked/open' argument before.  And honestly I've always considered it rather silly for people to be fined or jailed for using what is being broadcast all around them.  The 'leaving your door open' argument is somewhat compelling... though it strikes me that there is a difference.  Your door doesn't extend into your neighbor's lawn, the street, or farther down the street.  It's almost more a case of someone walking across your lawn when you don't have a fence up.  Now... if you put up a fence, and someone jumps over it to get somewhere, getting pissed is a tad expected.  If someone walks over your lawn to cut a corner, and you have no fence... no gate, nothing... well I say relax.  As long as they aren't bringing their dog over to crap on the lawn, no harm no foul.


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: rance on January 04, 2008, 11:57:28 AM
I've used the reference vijay quoted before.  Just because the door is left open, it doesn't give you the right to come in.

Also, it's very rare that you'll "accidentally" use someone's WAP.  You have to make a conscious decision to access their network.  Again, just because the signal is there, doesn't give you the right to use it.  In that theory, having a decryption system for satellite TV is fine and dandy, because the signal just happens to be being broadcast to your location; never mind the rights of the content owners.

While it's true that users need to be responsible for the technology they use, we all know that's just not true.  No patch for human stupidity, as they say.  Again, that doesn't give you the right to utilize someone else's stuff.

So, for one, you're accessing a private network without authorization.  That's a crime, period.  Second, you may be violating the ISP's Terms of Service (and in turn, the legal customer of the ISP is violating the ToS) by having a computer not owned by the customer "sharing" their network.

Now, why is it illegal?  While the intentions of some may just be to check some email or hop on mapquest because they are lost, anyone reading these forums will probably know what kind of havoc can be wreaked with a little ARP spoofing and some Man in the Middle action.  Let alone default open shares on machines and such.  So the law is there to protect the ig'nint.

Okay, getting a little too preachy for my second post here, better stop before I really bury myself.  :)


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: vijay2 on January 04, 2008, 12:12:39 PM
g00d_4sh,

I agree it's an iffy issue, and I don't play or pretend to be a lawyer here, but taking your own argument further, let's say I have an open WLAN (open door) and the signal extends everywhere (shows up in your Wireless LAN Discover). This is OK till this point because you did not click on it to connect to it. The moment you click "connect" you had an intent (opening the unlocked door = "break in"). Hope I did convey a point.

This is always a fun discussion.


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: !Sack! on January 04, 2008, 01:50:51 PM
I agree with the article. I think open WiFi connections should be classified as a "fair use".


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: g00d_4sh on January 04, 2008, 02:14:14 PM
I understand your point vijay2, I just personally view an open WAP more in the way of walking over someone's unfenced lawn.  Is it impolite? Yep.  Is it possibly trespassing?  Well.. not technically if there is no sign specifically telling you not to walk on the lawn... but it's still close.  Is it something I would fine someone for?  Nope.

If a person has to break an encryption, even one as useless as WEP, then they are jumping over your fence... and tromping through your obviously protected lawn.  That's the point to fine them.  Or... if they're driving their car over your lawn (doing some big p2p downloads sucking all your bandwidth?)... then fining them and getting pissed is very reasonable.  But if you have no fence (encryption), no sign saying 'stay off' (NAC?), and someone wants to take a shortcut over the corner of your lawn to get to where they are going (the internet)... then I really have little pity for you.  If they're doing it a lot... (someone next door in an apartment sucking off your internet for free)... then they are an 4ss, and should be slapped. But the occasional skip over my lawn has never bugged me.  And I honestly have done it myself when I wanted to cut some time.


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: slimjim100 on January 04, 2008, 04:56:56 PM
For you guys in the USA here is some assistance on the issue:

Computer Hacking and Unauthorized Access Laws

http://www.ncsl.org/programs/lis/cip/hacklaw.htm

Pick your state and try to make heads or tails from the legal jargon.

I will keep my comments about the issue neutral but I do believe with everything going plug-and-play it would be very easy for an unknowing person to hook to an open AP. My kids did this with their Wii (gaming console). Once I noticed it was online updating and asked them how they knew the encryption key, they just said they picked one on the screen (they are 8 & 10 years old). I then put the correct AP in and entered my info, but the idea of how more devices look for open internet connections makes me believe that this could also be an issue for vendors to address too.

Brian


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: geekyone on January 04, 2008, 05:51:53 PM
I think the issue is really about whether an open unsecured WiFi connection can be considered an invitation to use the network or not.  That could actually be the owner's intention.  For example the owner could be sharing their Internet connection with their neighbor (maybe they went halves on the Internet bill).  Now this would probably violate the ISP's TOS but it wouldn't be illegal.  In this scenario the issue becomes less murky because the owner is intending their network to be shared with anonymous users.  The question is, since they didn't put a big sign out front saying "Please feel free to piggyback my network!", does the open connection itself imply that it's OK to connect?  Now in IL (My great state  ::)) the issue is fairly straightforward.  See quote below (Thanks for the link Slim).

"Sec. 16D‑3. Computer Tampering.
    (a) A person commits the offense of computer tampering when he knowingly and without the authorization of a computer's owner, as defined in Section 15‑2 of this Code, or in excess of the authority granted to him:
        (1) Accesses or causes to be accessed a computer or any part thereof, a computer network, or a program or data;"

IL clearly says "without the authorization of a computer's owner" which I think indicates that you need express permission from the network owner to use the network, but I am not a lawyer so I could be wrong.  Although Slim's kids would be OK in IL since they include the "knowingly and without authorization", so if you don't know any better you're fine.  This is one case where being IT clueless would actually be an advantage.  Well that's my 2 cents.


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: dannioni on January 06, 2008, 05:21:44 PM
And sadly most of the guys with unencrypted networks don't have a clue what they're doing, so really it's their right we're talking about; the ones that willingly open their networks are dwarfed by the unknown mass, so if you see an unencrypted network most probably you're not allowed to use it. Hypocrites like me still use it :D


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: geekyone on January 15, 2008, 03:30:50 PM
In case someone hasn't seen this.  Here is Bruce Schneier's view on wireless security.

http://www.schneier.com/blog/archives/2008/01/my_open_wireles.html


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: iSmith on March 11, 2008, 02:40:51 PM
hah... we live next to a neighbor with an open wifi connection, and we all use it all the time. :)
unethical, huh?


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: rance on March 11, 2008, 03:53:28 PM
Quote
hah... we live next to a neighbor with an open wifi connection, and we all use it all the time. :)
unethical, huh?

The feds have been alerted and are on their way!   ;D


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: shawal on March 11, 2008, 04:02:56 PM
Amazing how many people connect to open networks! As security aware/professionals would you do that? Would you consider that safe? If you trust your machine defenses, would you trust that you wouldn't be caught in the act, and the possibility of bad reputation?! Ethical/unethical is secondary then. I have not gone through the Bruce URL yet, however I find the analogies could not fit 100% as was pointed out by some of the participants. In brief I believe it is clearly inappropriate if somehow the service is affected, or cost is involved, or if there was a clear indication that you are not wanted, as in using a simple WEP encryption for example; otherwise it is debatable. However, is it wise? I do not believe so unless you are unemployed and could not afford EDGE/GPRS/3G or any other subscribed wireless service  8)


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: rance on March 11, 2008, 04:14:42 PM
Quote
<snip> ...otherwise it is debatable

Personally, IMHO, there's no debate about it.  If you hop on someone else's wireless network, you are accessing a private network.  Unless you have specific permission to use it, you're breaking the law*.

The one downfall of consumer wireless access points?  There is no acceptable use policy/banner presented when you connect to a WiFi network.  If there was such a thing on all consumer level devices, I think it would make it a pretty open and shut case.

Until that happens, there's always that wiggle room of "oh, well, there was nothing that said I couldn't..."

But, if you have to wiggle, you're probably not on the right side of it anyway. :)


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: ChrisG on March 11, 2008, 07:09:31 PM
a public wifi hotspot is usable if you are careful about where you go and what you do, for example.  ssh'ing into your server and checking your email is perfectly ok on a public hotspot.


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: shawal on March 12, 2008, 07:52:49 AM
ChrisG,
I hope you do use ssh2 for all your connections. All your traffic, including the initiation of the session, is through this wireless access point. We know that ssh1 can be exploited and you can have a MITM attack, DNS can be intercepted and forced to go to a different server, SSL-VPN they can make you stop by a drive-by site proxy before you hit your target. So in essence there are things we know; they are already in the public domain and doable. The things we do not know and people are capable of but quiet about is something else.  :-[ Maybe I am a bit over paranoid


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: ChrisG on March 12, 2008, 08:23:27 AM
hey don't get me wrong, paranoia is a good thing, but you have to get stuff done as well.

at a minimum, for us mere mortals just trying to get by, the ssh key will change if there is any kind of MITM or DNS trickery and that should be a big flag to STOP and check things out.


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: iSmith on March 12, 2008, 09:04:54 AM
Quote
hah... we live next to a neighbor with an open wifi connection, and we all use it all the time. :)
unethical, huh?

The feds have been alerted and are on their way!   ;D

Nice joke, Rance.


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: RoleReversal on March 12, 2008, 10:53:38 AM
Quote
a public wifi hotspot is usable if you are careful about where you go and what you do, for example.  ssh'ing into your server and checking your email is perfectly ok on a public hotspot.

Depends on your interpretation. I read a story (Think it was on El Reg but can't find a link, I'll share if I can find it again) about a cafe that had a publicly available AP for its clients. As the story goes, a road warrior who was a semi-regular customer was running late for a meeting and couldn't remember the client's address. Parked (in a legally provided bay) outside the cafe to check his emails and was promptly 'escorted' to the local police station for 'hacking' related offenses.

I'm not going to wade in on the legal/ethical issues as I'm yet to completely make my mind up, I end up agreeing with each argument. However this story should be a fairly stark warning. If you don't have explicit, preferably written, permission then it might be wise to go elsewhere or wait until you're back to your own network.


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: ChrisG on March 12, 2008, 11:39:55 AM
i know this thread has like 3 discussions going on but by public i meant like starbucks or the airport where it's free for all.  not jumping on your neighbor's wifi


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: EmanoN on March 12, 2008, 12:34:23 PM
Yeah right. I didn't know that CEH meant certified ethical hypocrite! But now I know and thanks.
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,1836.msg7329/#msg7329


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: dean on March 12, 2008, 01:44:19 PM
Another issue is that of 'Contributory Negligence' and 'Downstream Liability'. If a person makes use of another person's or company's network to attack someone else the question arises about whether or not the company that was used to launch the attack is responsible in some way. This is especially true if it was possible to prevent the illegal access in the first place. This goes for 'coffee shop' type locations providing open access as well.

While I don't know of any legal case about this, it's a very real possibility.

As to whether or not using an open AP is illegal or not:

http://www.p2pnet.net/story/12453

Some people seem to think it is.

dean


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: eth3real on March 12, 2008, 02:08:28 PM
Quote
Yeah right. I didn't know that CEH meant certified ethical hypocrite! But now I know and thanks.
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,1836.msg7329/#msg7329

What is that about? Knowing how to break WEP and WPA is part of pentesting. Pentesting means you have explicit consent from the owner, and of course you won't be coming back later just to get some free wifi.

Pentesting is to make sure someone can't just come up to your parking lot and break in for some free internet, or worse, access to your servers.

As with the wifi hotspots, there is nothing unethical about getting on a Starbucks or airport hotspot. Most of them nowadays will make you agree to a terms of use when you connect, and maybe give your email address. Naturally, if you violate the terms of use, it is no longer legal.


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: shawal on March 12, 2008, 02:17:26 PM
EmanoN.
 ::) ChrisG was caught in the act once, no need to point it out to us newcomers  :P


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: g00d_4sh on March 12, 2008, 02:21:04 PM
Ohh don't worry about EmanoN.  He just pops in every once in a while to make a new 'This is my last post' post where he flames or generally tries to dig up some controversy.  I think he's had like... 10 or so 'last posts' total?  Maybe more, I stopped keeping count.  He didn't like one of the responses ChrisG gave to one of his posts if I remember right, so he seems to keep an eye on anything he posts as well.  Kind of fun actually.  I consider him our resident forum Troll.  Every forum needs a troll.  Ours isn't overly active, he just pops in once in a while to blurt something, but he's always missed when he crawls back under the bridge.


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: RoleReversal on March 12, 2008, 02:27:17 PM
Quote
Yeah right. I didn't know that CEH meant certified ethical hypocrite! But now I know and thanks.
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,1836.msg7329/#msg7329

Not wanting to feed the troll but, EmanoN:

thanks for link, ChrisG has some nice instructions in that post. Cheers Chris ;)
(Or were you trying to make a point?)


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: EmanoN on March 12, 2008, 03:25:22 PM
Actually it's more like 37 posts g00d_4sh and I am glad you all miss me.  BTW how do these monthly prizes get figured out? I can see that pseud0 deserved it but that other dude? Ha Ha.  Seemed like g00d_4sh made a hell of a lot of posts last month and should have gotten it.  I love politics. And yeah I troll this site from time to time, that is when I am not busy hacking your mama's box! Hehe.


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: rance on March 12, 2008, 03:34:21 PM
Quote
And yeah I troll this site from time to time, that is when I am not busy hacking your mama's box! Hehe.

Okay, ewwwww!  Oh wait, you meant her computer.  Have at it, it's chock full of forwarded jokes and chain letters.


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: RoleReversal on March 12, 2008, 03:40:00 PM
Rance,

nicely done my friend ;D


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: eth3real on March 12, 2008, 03:56:23 PM
As long as he's doing it ethically, I guess it's okay. ;)


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: don on March 12, 2008, 04:52:33 PM
Most mature thing to do with childish behavior is ignore it.

Don


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: ChrisG on March 12, 2008, 07:13:11 PM
or ban it, but what do i know...unethical...


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: EmanoN on April 09, 2008, 10:22:19 AM
Please tell me you’re not that big of a newb and think it’s so easy to ban someone from a public forum. If you do, then I feel sorry for whoever you do security consulting for. I know I don’t really belong on this forum because I am not part of the so called “ethical” hacking community. I belong more to what you might call the “underground”, but I never have done anything malicious. As Don pointed out, it’s better to just ignore comments on a forum that you might not like. I find myself doing just that here myself often, but occasionally I can’t hold back! 


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: iSmith on April 09, 2008, 10:31:09 AM
Quote
Please tell me you’re not that big of a newb and think it’s so easy to ban someone from a public forum. If you do, then I feel sorry for whoever you do security consulting for. I know I don’t really belong on this forum because I am not part of the so called “ethical” hacking community. I belong more to what you might call the “underground”, but I never have done anything malicious. As Don pointed out, it’s better to just ignore comments on a forum that you might not like. I find myself doing just that here myself often, but occasionally I can’t hold back!

Don't tell me that you're an unethical hacker/cracker/dark hat. don't get involved in that... The FBI, CIA, and the rest of the alphabet is watching you Emanon...


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: ChrisG on April 09, 2008, 03:01:38 PM
Quote
blah blah blah... but occasionally I can’t hold back!

you don't belong here because you are a troll and thus far have provided nothing original or constructive to any conversation.  if you are so underground then surely there are MUCH better forums for you to impart your vast sums of "underground" knowledge and where your trolling would be appreciated.


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: geekyone on April 09, 2008, 03:46:04 PM
At least EmanoN is a funny troll!    ;)


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: iSmith on April 09, 2008, 05:45:57 PM
yeah. i say somebody should remove him from here


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: EmanoN on April 09, 2008, 08:41:52 PM
Quote
there are MUCH better forums for you to impart your vast sums of "underground" knowledge and where your trolling would be appreciated.

Ha Ha, whatever you say noob.  Actually I agree with your entire post 100%.  But at least I am not a hypocrite about being “ethical” and at least I don’t get all excited because I cracked my neighbor’s wep and have to hurry and post it on this forum like some giddy teenage cracker because I think it’s the hack of the century. To me you should be more embarrassed by that than any of my so called trolling. But hey, to each his own.

Quote
yeah. i say somebody should remove him from here

And ismith, god I guess you don’t get it. Well if this forum keeps filling up with noobies like you, which seems to be the direction it's been going of late, you don’t have to worry about getting rid of me, I will just go!  Yes Don please ban me from here so I can teach some of the noobs here how hard that can be on a public forum like this.  Hey, I am a nice guy and am willing to do my part to teach people the most basics of the internet if I am called upon to do so.


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: Kev on April 09, 2008, 08:56:41 PM
I wasn't going to post on this thread but as someone that has been a member of this forum for nearly 2 years I felt I needed to.  I think Don should lock this thread since it's going nowhere and certainly has run its course.  You don't need to ban anyone, just ignore posts you don't like. I know it's hard but believe me if no one responds to someone they think is being a problem, they get frustrated and stop. It's that simple.  Starting a cat and mouse game of trying to keep someone off a public forum is a waste of time and energy.  And could escalate into something no one wants.

Emanon,  you are certainly entitled to your opinion, but you really would be taken better if you posted with, say, a better style. Unless your entire intention is to cause problems.  I hope not because if you do have the experience you claim, you could be a valued member here.  That's my simple and humble 2 cents.


Title: Re: The Ethics of "Stealing" a WiFi Connection
Post by: don on April 09, 2008, 10:00:44 PM
I am locking this topic, because once again it is going way off the intended path. As for EmanoN:

Quote
Hey, I am a nice guy and am willing to do my part to teach people the most basics of the internet if I am called upon to do so.

That is all I have ever asked of anyone who is a member of this site. So here is your call to action to show your "nice guy" side and share quality information. I'd like to see you start a few threads on your own that truly help the newbies in a positive way to learn something and point them on the right path. Can you do that? I am calling upon you to make a major life change to the white side... that includes who you are, how you are and what you share. Are you up to the challenge?

If not, that's OK. I will not ban you, and you are free to "just go!" as you put it. But I am a true believer that people can change, so I will leave the door open for you. That always has been and will continue to be the direction of this site.

Don