The Ethical Hacker Network - The Ethics of "Stealing" a WiFi Connection

don

Editor-In-Chief
Administrator
Hero Member

Offline

Posts: 4169

Editor-In-Chief

The Ethics of "Stealing" a WiFi Connection

« on: January 03, 2008, 11:13:46 PM »

Great starting point for a debate on the topic is a writeup by Eric Bangeman, Managing Editor of Ars Technica.

Quote

Network security firm Sophos recently published a study on what it terms WiFi "piggybacking," or logging on to someone's open 802.11b/g/n network without their knowledge or permission. According to the company's study, which was carried out on behalf of The Times, 54 percent of the respondents have gone WiFi freeloading, or as Sophos put it, "admitted breaking the law [in the UK]."

Amazingly, accessing an unsecured, wide-open WiFi network without permission is illegal in some places, and not just in the UK. An Illinois man was arrested and fined $250 in 2006 for using an open network without permission, while a Michigan man who parked his car in front of a café and snarfed its free WiFi was charged this past May with "Fraudulent access to computers, computer systems, and computer networks." On top of that, it's common to read stories about WiFi "stealing" in the mainstream media.

It's time to put an end to this silliness. Using an open WiFi network is no more "stealing" than is listening to the radio or watching TV using the old rabbit ears. If the WiFi waves come to you and can be accessed without hacking, there should be no question that such access is legal and morally OK. If your neighbor runs his sprinkler and accidentally waters your yard, do you owe him money? Have you done something wrong? Have you ripped off the water company? Of course not. So why is it that when it comes to WiFi, people start talking about theft?

The issue is going to come to a head soon because more and more consumer electronics devices are WiFi-enabled, and many of them, including Apple's iPhone and most Skype phones we've used, come ready out of the box to auto-connect to open WiFi networks. Furthermore, as laptop sales continue to grow even beyond desktops, the use of open WiFi is only going to grow along with it.

See full story here:
http://arstechnica.com/news.ars/post/20080103-the-ethics-of-stealing-a-wifi-connection.html

Don


« Last Edit: January 04, 2008, 11:21:51 AM by don »	Logged

CISSP, MCSE, CSTA, Security+ SME

dannioni

Newbie

Offline

Posts: 44

Re: The Ethics of "Stealing" a WiFi Connection

« Reply #1 on: January 04, 2008, 06:56:12 AM »

This is an interesting subject, I've had this discussion with my parents a couple of times Tongue

, First hacking a encrypted networks is criminal, that' breaking into the house. But I use open networks to check my mail or just read on the internet, and I find nothing wrong with that, my little amount of traffic doesn't affect their internet speed, do most probably won't notice and even less care that I use their networks. No if you want you network private you need to encrypt it. Fon (www.fon.com) is also worth mentioning. Several ISPs where I lived has forbidden it's customers to provide free access to others, and threatening to shut off their internet. So when did ISPs gain he right to tell us what do o with our connection?


	Logged

vijay2

Full Member

Offline

Posts: 220

Re: The Ethics of "Stealing" a WiFi Connection

« Reply #2 on: January 04, 2008, 07:05:39 AM »

This is a very volatile topic and always pawns discussions with the security professionals. I would like the put in my 2 cents here, these are results of numerous discussions with security professionals.

Beware of the law of land if and when you use open wireless network, mostly in US it is illegal. The fine line is drawn here is - as soon as you grab/obtain an IP address on a open wireless network without permission, you are in violation.

I picked up a great analogy - open wireless access points is equated to a house door left unlocked, and in that context, if someone left the front door open does not mean that you can go and break in and steal from the house.

Also, there would be case where the wireless access points are left open intentionally for phishing and steal your information.


	Logged

GPEN GCFA GCIH CISSP CISA GSEC OSCP C|EH Security+

dannioni

Newbie

Offline

Posts: 44

Re: The Ethics of "Stealing" a WiFi Connection

« Reply #3 on: January 04, 2008, 07:42:41 AM »

Yes, so network is unencrypted and a dhcp server is offering IP addresses to *everyone* that ask, how can that possibly illegal? I understand that many don't know what they're when they set up wlans and their rights should be protected, But if you don't have a door to your house and somebody breaks into your house you won't get any money from the insurance company, the same should apply to wlans.


	Logged

g00d_4sh

Sr. Member

Offline

Posts: 394

Re: The Ethics of "Stealing" a WiFi Connection

« Reply #4 on: January 04, 2008, 11:44:01 AM »

It is kind of an iffy issue. I have never thought of the 'leaving your door unlocked/open' argument before. And honestly I've always considered it rather silly for people to be fined or jailed for using what is being broadcast all around them. The 'leaving your door open' argument is somewhat compeling... though it strikes me that there is a difference. Your door doesn't extend into your neighbors lawn, the street, or farther down the street. It's almost more a case of someone walking accross your lawn when you don't have a fence up. Now... if you put up a fence, and someone jumps over it to get somewhere, getting pissed is a tad expected. If someone walks over your lawn to cut a corner, and you have no fence... no gate, nothing... well I say relax. As long as they arn't bringing their dog over to crap on the lawn, no harm no foul.


	Logged

"Bad.. Good? I'm the guy with the gun"

rance

Full Member

Offline

Posts: 212

Re: The Ethics of "Stealing" a WiFi Connection

« Reply #5 on: January 04, 2008, 11:57:28 AM »

I've used the reference vijay quoted before. Just because the door is left open, it doesn't give you the right to come in.

Also, it's very rare that you'll "accidentally" use someone's WAP. You have to make a conscious decision to access their network. Again, just because the signal is there, doesn't give you the right to use it. In that theory, having a decryption system for satellite TV is fine and dandy, because the signal just happens to be being broadcast to your location; never mind the rights of the content owners.

While it's true that users need to be responsible for the technology they use, we all know that's just not true. No patch for human stupidity, as they say. Again, that doesn't give you the right to utilize someone else's stuff.

So, for one, you're accessing a private network without authorization. That's a crime, period. Second, you may be violating the ISP's Terms of Service (and in turn, the legal customer of the ISP is violating the ToS) by having computer not owned by the customer "sharing" their network.

Now, why is it illegal? While the intentions of some may just be to check some email or hop on mapquest because they are lost, anyone reading these forums will probably know what kind of havoc can be wreaked with a little ARP spoofing and some Man in the Middle action. Let alone default open shares on machines and such. So the law is there to protect the ig'nint.

Okay, getting a little too preachy for my second post here, better stop before I really bury myself.


	Logged

Poking at security since 1986. +++ATH

vijay2

Full Member

Offline

Posts: 220

Re: The Ethics of "Stealing" a WiFi Connection

« Reply #6 on: January 04, 2008, 12:12:39 PM »

g00d_4sh,

I agree its a iffy issue, and I dont play or pretend to be lawyer here, but taking your own argument further, lets say I have a open WLAN (open door) and the signals extends everywhere ( shows up in your Wireless LAN Discover ). This OK till this point because you did not click on it to connect it. The monument you click the "connect" you had a intent (opening the unlock door = "break in"). Hope i did convey a point.

This is always a fun discussion.


	Logged

GPEN GCFA GCIH CISSP CISA GSEC OSCP C|EH Security+

!Sack!

Newbie

Offline

Posts: 2

Re: The Ethics of "Stealing" a WiFi Connection

« Reply #7 on: January 04, 2008, 01:50:51 PM »

I agree with the artical. I think open WiFi connections should be classified as a "fair use".


	Logged

g00d_4sh

Sr. Member

Offline

Posts: 394

Re: The Ethics of "Stealing" a WiFi Connection

« Reply #8 on: January 04, 2008, 02:14:14 PM »

I understand your point vija2, I just personally view an open WAP more in the way of walking over someone's unfenced lawn. Is it impolite? Yep. Is it possibly trespassing? Well.. not technically if there is no sign specifically telling you not to walk on the lawn... but it's still close. Is it something I would fine someone for? Nope.

If a person has to break an encryption, even one as useless as WEP, then they are jumping over your fence... and tromping through your obviously protected lawn. That's the point to fine them. Or... if they're driving their car over your lawn (doing some big p2p downloads sucking all your bandwidth?)... then fining them and getting pissed is very reasonable. But if you have no fence (encryption), no sign saying 'stay off' (NAC?), and someone wants to take a shortcut over the corner of your lawn to get to where they are going (the internet)... then I really have little pity for you. If they're doing it a lot... (someone next door in an apartment sucking off your internet for free)... then they are an 4ss, and should be slapped. But the occational skip over my lawn has never bugged me. And I honestly have done it myself when I wanted to cut some time.


	Logged

"Bad.. Good? I'm the guy with the gun"

slimjim100

EH-Net Columnist
Sr. Member

Offline

Posts: 385

Re: The Ethics of "Stealing" a WiFi Connection

« Reply #9 on: January 04, 2008, 04:56:56 PM »

For you guys in the USA here is some assitace on the issue:

Computer Hacking and Unauthorized Access Laws

http://www.ncsl.org/programs/lis/cip/hacklaw.htm

pick your state and try to make heads or tails from the legal jargan.

I will keep my comments about the issue neutral but I do believe with everything going plug-in play it would be very easy for an unknowing person to hook to an Open AP. My kids did this with there Wii (gaming console). Once I noticed it was online updating and asked the how they knew the encryption key they just said they pick one on the screen ( they are 8 & 10 years old). I then put the correct AP in and entered my info but the idea of how more devices look for open internet connections makes me believe that this could also be an issue for vendors to address too.

Brian


	Logged

CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP

geekyone

Full Member

Offline

Posts: 180

Re: The Ethics of "Stealing" a WiFi Connection

« Reply #10 on: January 04, 2008, 05:51:53 PM »

I think the issue is really about whether an open unsecured WiFi connection can be considered an invitation to use the network or not. That could actually be the owners intention. For example the owner could be sharing their Internet connection with their neighbor (maybe they went halves on the Internet bill). Now this would probably violate the ISP's TOS but it wouldn't be illegal. In this scenario the issue becomes less murky because the owner is intending their network to be shared with anonymous users. The question is since they didn't put a big sign out front saying "Please feel free to piggyback my network!" does the open connection itself imply that it's OK to connect. Now in IL (My great state Roll Eyes

) the issue is fairly straightforward. See quote below (Thanks for the link Slim).

"Sec. 16D‑3. Computer Tampering.
(a) A person commits the offense of computer tampering when he knowingly and without the authorization of a computer's owner, as defined in Section 15‑2 of this Code, or in excess of the authority granted to him:
(1) Accesses or causes to be accessed a computer or

any part thereof, a computer network, or a program or data;"

IL clearly says "without the authorization of a computer's owner" which I think indicates that you need express permission from the network owner to use the network but I am not a lawyer so I could be wrong. Although Slim's kids would be OK in IL since they include the "knowingly and with out authorization" so if you don't know any better your fine. This is one case where being IT clueless would actually be an advantage. Well that's my 2 cents.


	Logged

CISSP, CEH, GPEN, GCIH, GCFA

dannioni

Newbie

Offline

Posts: 44

Re: The Ethics of "Stealing" a WiFi Connection

« Reply #11 on: January 06, 2008, 05:21:44 PM »

And sadly most of the guys with unencrypted networks doesn't have a clue what they're doing, so really it's their right we're talking about, the one that willingly pen their networks are dwarfed by the unknown mass, so if you see a unencrypted network most probably you're not allowed to use it. Hypocrites as me still uses it Cheesy


	Logged

geekyone

Full Member

Offline

Posts: 180

Re: The Ethics of "Stealing" a WiFi Connection

« Reply #12 on: January 15, 2008, 03:30:50 PM »

In case someone hasn't seen this. Here is Bruce Schneier's view on wireless security.

http://www.schneier.com/blog/archives/2008/01/my_open_wireles.html


	Logged

CISSP, CEH, GPEN, GCIH, GCFA

iSmith

Full Member

Offline

Posts: 157

Do or do not. There is no try. - Yoda

Re: The Ethics of "Stealing" a WiFi Connection

« Reply #13 on: March 11, 2008, 02:40:51 PM »

hah... we live next to a neighbor with an open wifi connection, and we all use it all the time.

unethical, huh?


	Logged

In my eyes, your operating system is as solid as swiss cheese.

rance

Full Member

Offline

Posts: 212

Re: The Ethics of "Stealing" a WiFi Connection

« Reply #14 on: March 11, 2008, 03:53:28 PM »

Quote from: iSmith on March 11, 2008, 02:40:51 PM

hah... we live next to a neighbor with an open wifi connection, and we all use it all the time.

unethical, huh?

The feds have been alearted and are on their way! Grin


	Logged

Poking at security since 1986. +++ATH

Pages: [1] 2 3 Go Up

« previous next »