IT Employment

General discussion

Locked

connecting to unsecured wireless: is it hijacking?

By Ned Rhinelander (CNET) ·
I came in today to my job at CNet Network's Cambridge office, and had to wait in the lobby for a fire alarm to clear.

I pulled out my laptop and decided to see if there were any available networks...turns out there were 10, 3 or 4 of which were not secured. So, I proceded to IM with my colleage Steven upstairs. Before long Steven asked me "so you don't have any qualms about hijacking a wireless connection?"

When I setup a wireless access point, I consciously assume that if I set it to broadcast the SSID and disable security it's tantamount to offering a public service.

However, Steven's question threw me for a loop, because I think he has a point as well...no one gave me permission to connect to the access point. Just because my computer connects automatically doesn't necessarily make it right.

Any thoughts out there on the legalities or general ettiquitte of this?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

The analogies

by Cactus Pete In reply to Use don't abuse

Fine, let's make the analogies hold:

You replace the divots, you return the car after its use. Now?

Collapse -

It would be the same as

by stevebuck In reply to Not a valid analogy

Agreed, it is not a good analogy. It would be the same as connecting your notebook's AC adapter to any available AC outlet to charge up your battery. Is the outlet there for the floor waxer or is it there to freely use to charge your battery? I've seen it in every airport I go to also, someone stretched out on the floor typing away with their AC cord plugged in the wall where ever there is an available AC socket. If that's not stealing, I don't know what is. So, connecting to an RJ-45 port or an AC power receptacle cannot be assumed to be free. Tapping into a wireless network and cracking a WEP key is also a no-no. But if I'm in a public area and there is a free AP connection I'll use it just like the water fountain.

Collapse -

RJ-45 is Different

by bigaldepr In reply to It would be the same as

When radio was first invented, the question arose about the rights and ownership of the airwaves. You are free to receive any signal, and as far as the FCC is concerned you are granted the right to transmit within the certain frequency and power limits. There is no expectation of privacy associated with radio transmitions.

With a RJ-45 connection, to me this like a waste basket or water fountain. If it located in a public place where there is no expectation of privacy and there is no notice posted that its use is restricted, then it would be consider to be for public use. Connecting inside an office on the otherhand would be like looking through someone file cabinets. Privacy is expected.

At a minimum the system manager should provide notification at the time a connection is made that this a private resource and its use is restricted. This is the equivalent to a No Trespassing sign advising you that the owner of the resource considers it private.

Likewise the use of such a resource should not be considered private either. It would be expected that if you used such a resource, the provider could view or copy any files it found. It would be your responsibility to protect sensitive information on your computer. Most coporate policies provide no expectation of privacy even to the employees.

Collapse -

But...

by Christopher.Seward In reply to RJ-45 is Different

I agree with this to an extent, but I can give a personal example of a need for an RJ45 connection in a public area, but not for public use. Many business clients of mine have RJ45 jacks in their waiting rooms, lobbies, etc. This includes private businesses aa well as hotels, and even restaurants. I set these jacks up so that my clients could set up a PC to display information such as which room a particular meeting is in, or welcome to visitors, etc. These are not intended for public use.

Collapse -

disconnect when not in use...

by technicallyright In reply to But...

To alieviate any unwarranted access or attempts to access I have always tried to disconnect inactive jacks when not in use. Especially in public places or meeting rooms. Is this practical? I think so, just make it part of a process. When someone schedules a meeting room or A/V equipment for such a display, have the jack activated for the required time period.

It seems like a lot of extra work but it secures your network in many ways.

As for the wireless hotspot...if it is intended for public use perhaps it should be posted.

I think notifying someone of an open door would be prudent and probably appreciated. As someone else stated, it also makes for good networking.

Collapse -

Putting the blame the right place

by vze2hjtw In reply to Is it really a delemma?

I work for a communication as a field tech and were recently giving a wireless laptop and was amazed as to the amount of open access point there is out there. 1 out of 5 will be secure.
Who do you blame, the vendor, the ISP or the customer? I will put it this way 10% to the vendor, 50% to the ISP and 40% to the customer.
The vendor need to give more information on securing the wireless access point. The ISP must stress the important securing the access point and give instruction on doing it (I recently received a westell 327w modem/router from my ISP and there was no documentation with it after numerous call no one seem to be able to tell me how to secure the wireless access). And finally the customer need to learn the important of a secure network. Just don't buy a wireless network because the salesperson tell you it easy to set up and no need for wires.

Maybe if you shut down a unsecure wireless access then the person will take the time to learn about securing them (Only a suggestion)

Collapse -

Could get you in trouble

by NBPQSECOFR In reply to Putting the blame the rig ...

Now if you shut down, or tamper with the WAP, you are hijacking the network. If you take an unsecured WAP down, then you are committing damage to the business. There is a post further down in the tree (by someone at software-law.com) that talks about the damages.

Collapse -

Ignorance of the Law is no excuse...

by cwoolley In reply to Could get you in trouble

As an attorney, it amazes me that there are so many people that are willing to give their opinion of whether this is legal or not, without taking even a few seconds and finding out what the law says. As I glanced through this thread, I noticed at least 10 opinions that are DEAD WRONG according to the law. There are laws that relate exactly to this situation and people have been tried and convicted for similar cases. FACT: There are laws in almost every jurisdiction that deal with this issue. IMHO it would be wise to look 'em up before you spout off what your legal opinion is.

Collapse -

Ignorance of the Law is no excuse...

by caryyy In reply to Ignorance of the Law is n ...

I don't know where to look for what the law says specifically. Not everyone has the knowledge and resources you have. Help me out cwoolley. Point me in the right direction.

Collapse -

Actually, ignorance is a pretty good defense

by mgordon In reply to Ignorance of the Law is n ...

Have you heard of "strict liability"? It defines those torts (crimes) for which ignorance is no excuse; in fact, for which nothing is an excuse. For everything else, ignorance *is* an excuse although usually only partially. In other words, "intent" is a factor in most crimes; even serious ones -- it is what changes manslaughter into murder. It is why some crimes are a misdemeanor the first time but repeated it becomes a felony; you are no longer considered ignorant if you come before the judge for the same crime. But some grandmother that gets a laptop at Christmas and inadvertently tunes in her next door neighbor's network very likely has no idea. If they are both clueless, their workgroups are both "Workgroup" and sooner or later they'll discover this mysterious extra drive letter and start poking around each other's hard drives! Is it a CRIME? Duh! How can it be? If it is, the blame rests with Intel and Microsoft for putting SERVERS and radio transceivers in the homes of people that don't know what they have.

Related Discussions

Related Forums