IT Employment

General discussion

Locked

connecting to unsecured wireless: is it hijacking?

By Ned Rhinelander (CNET) ·
I came in today to my job at CNet Network's Cambridge office, and had to wait in the lobby for a fire alarm to clear.

I pulled out my laptop and decided to see if there were any available networks...turns out there were 10, 3 or 4 of which were not secured. So, I proceded to IM with my colleage Steven upstairs. Before long Steven asked me "so you don't have any qualms about hijacking a wireless connection?"

When I setup a wireless access point, I consciously assume that if I set it to broadcast the SSID and disable security it's tantamount to offering a public service.

However, Steven's question threw me for a loop, because I think he has a point as well...no one gave me permission to connect to the access point. Just because my computer connects automatically doesn't necessarily make it right.

Any thoughts out there on the legalities or general ettiquitte of this?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Due diligence

by danfugett In reply to Maybe, Maybe Not

My responsibility is not diminished because someone else might have failed to secure their network. It is entirely my responsibility to know if this is a public hotspot or a private unsecure network.

In the end, this is not just about legalities and ethics, but IT citinzenship where technology is emerging. I think we know not to go in a door and get a drink from a refrigerator simply because someone left the door unlocked. Further, we need to not make excuses to be less than responsible citizend.

Dan Fugett

Collapse -

Re: Maybe

by vltiii In reply to Maybe, Maybe Not

I don't have anything of value to add here. I just wanted to acknowledge your animation...very nice!

Collapse -

ty

by Cactus Pete In reply to Re: Maybe

It's been nice to get all the comps...

Collapse -

No Cyber-Trespassing ????

by maxwell edison In reply to connecting to unsecured w ...

.
In my opinion, if there's no law against it, then it's okay. Whether it's nice and/or ethical, however, is another issue. Are you cyber-trespassing? Well, maybe you are, but that doesn't necessarily make it wrong.

If your automobile broke down out in the country, and by taking the most direct route -- across someone's farm -- you were only one mile away from a service station, compared to three miles if you stayed on the roads going around his land, would it be legally trespassing if you took the shortcut? I don't think it would be, unless, of course, there was a no trespassing sign clearly posted. Sure, the land owner could ask you to turn around and leave, but if it's not posted you certainly couldn't get in any trouble for it.

In the case of cyber-trespassing, I might suggest that if such a wireless connection is indeed configured with security measures and such, then that would be the equivalent of a cyber-no-trespassing sign. But if there was no cyber-sign, so to speak, as long as you don't break into his cyber-farm-house, then taking a shortcut across his cyber-land is just that.

On deptrak's suggestion of telling them about their unsecured network, It reminds me of a story I read about a somewhat related incident.

There was a very enterprising network security expert in Houston, Texas who would drive around various business areas looking for unsecured wireless connections. When he found one, he would tap into that company's network and find something that he could show to the business management to illustrate how unsecure their network really was. He would then, of course, offer his services to help them achieve a more secure network. Well, one particular business didn't think too much of his methods, and they called the Harris County Sheriffs Department and asked that the guy be arrested. He was indeed arrested, he had to post bail, and had to appear in court to answer whatever charges were filed against him. However, since he could show that no malice was intended, and that he did not break any existing laws, the charges were dismissed. But he did have to go through the hassle and expense of the arrest and court appearance. (True story. An Internet search could probably reveal the more precise details.)

So I'd say there's really nothing legally wrong with cyber-trespassing. But I might suggest that you remain alert for any cyber-shotguns.

Collapse -

Always loved that story

by Cactus Pete In reply to No Cyber-Trespassing ????

Of course, all Ned need do to inform them of the unsecured access point is tell htem that he saw it while he was in the lobby on his laptop.

Collapse -

I found my own "story"

by maxwell edison In reply to Always loved that story

http://www.theregister.co.uk/2003/02/24/ethical_wireless_hacker_is_innocent/

I did indeed get some of the "details" wrong, but it did happen, and it did happen in Harris County Texas. But the guy actually accessed the County's network, not a private business. And there was more to the story as well.

I like my version better. I think I'll stick with that one. (That's how urban legends are born, you know.)

And I realize that you were suggesting an innocent "heads-up" to that business. But it just reminded me of the story.

Collapse -

I think it is highjacking/trespassing

by IT_Lobo In reply to No Cyber-Trespassing ????

Trespassing law could apply to wireless access points.

If you think it is wrong, IT IS WRONG.

Technically, a person violates the law against trespassing by knowingly going onto someone else's land without consent.

Collapse -

Right or Wrong versus Legal or Illegal

by maxwell edison In reply to I think it is highjacking ...

.
In some jurisdictions trespassing is an offense that is covered by a specific criminal code. In other jurisdictions, however, it is not considered a crime because there is no criminal code on the books. Moreover, I believe the circumstances could determine whether or not a transgression took place. For example, there's no way I could have someone arrested for going into my unfenced backyard without my consent. What if I lived on a golf course, for example, and people came into my yard to retrieve their errant golf shots? What if school kids cut across my unfenced yard as a shortcut? I didn't necessarily give the kids or the golfers my permission to do so, but I didn't put up a fence to prevent it either. If I tried to have them arrested for trespassing, I'd probably receive a tongue-lashing for wasting the officer's time.

Collapse -

I'm glad someone finally shares my viewpoint on this!

by UncleRob In reply to Right or Wrong versus Leg ...

Thanks Max, Excellent point!
If you don't secure your WLAN, you can't complain if someone hitches a ride on your network connection. If it means that much to you that you can't tolerate unauthorized access to your WLAN, setup the necessary security to prevent it from happening in the first place.

Collapse -

Of course!

by Cactus Pete In reply to I'm glad someone finally ...

All APs that should be secure, should be secured!

But that doesn't mean it's OK to take advantage of an open access point.

Sure, they might not mind for anyone connecting in a "onesy twosy" fashion, but I'm sure they don't want you to make a habit of it, either.

Just because someone is stupid doesn't make you right.

Related Discussions

Related Forums