IT Employment

General discussion

Locked

connecting to unsecured wireless: is it hijacking?

By Ned Rhinelander (CNET) ·
I came in today to my job at CNet Network's Cambridge office, and had to wait in the lobby for a fire alarm to clear.

I pulled out my laptop and decided to see if there were any available networks...turns out there were 10, 3 or 4 of which were not secured. So, I proceded to IM with my colleage Steven upstairs. Before long Steven asked me "so you don't have any qualms about hijacking a wireless connection?"

When I setup a wireless access point, I consciously assume that if I set it to broadcast the SSID and disable security it's tantamount to offering a public service.

However, Steven's question threw me for a loop, because I think he has a point as well...no one gave me permission to connect to the access point. Just because my computer connects automatically doesn't necessarily make it right.

Any thoughts out there on the legalities or general ettiquitte of this?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Opportunity Strikes

by cdougherty In reply to Putting the blame the rig ...

I've often scoured my neighborhood and found AP's that were unsecured. I went home, printed up flyers with information about the dangers of operating an unsecured AP and gave my email address for anyone interested in having me come to secure their AP. I charged $25 to come in, change their SSID and set MAC lists with a key and off to the bank I went. In two weeks I made $400, not a bad take for 10 minutes worth of work. Instead of taking advantage and riding someone else's pipeline, use your "expertise" and provide a service to those around you. My two cents.

Collapse -

Opportunity Strikes

by MaxPower1111 In reply to Opportunity Strikes

No doubt your intent was honest and just.
But, to actively seek/find and offer to fix a vulnerability, without the owner of said resource first requesting that you do so; is a direct violation of federal computer crime laws. Believe it or not it's considered a form of extortion.

I can?t quote the actual legal term, (part: section), but I recall reading about it here at TechRepublic. The law was put on the books after someone less upstanding than yourself, actually hacked corporate networks then offered to ?help fix their vulnerabilities?. He was busted in a sting operation in Europe, and the law was subsequently passed.

So just be careful.

Collapse -

Read Carefully

by rojackson In reply to Opportunity Strikes

The writer said that he noticed that there were several open AP's. He printed flyers and let people know that he could secure AP's. He did not say that he actively entered the networks or hacked systems and then approached the owners.

The writer's initiative and entrepenuership should be applauded.

You can't help but notice an AP if it is broadcasting it's SSID that isn't breaking the law.

Collapse -

Hijacking???

by wcp83 In reply to Maybe, Maybe Not

You were in the lobby so it was probably meant to be, but if it was not then I think its ok because you have an administrator that is not doing his/her job. I would bring it to their attention and let them know. If that was left that wide open then just imagine what their wired network security must be like?????

Collapse -

It si a dilemma !

by lipl1 In reply to Maybe, Maybe Not

If you go out and it's waiting for you to use I don't feel it is truly hijacking. To me "hijacking / trespassing" is braking into a secured system and yes you should at least attempt to let the local admin know.

Collapse -

"Hijacking"

by KTC In reply to It si a dilemma !

I was under the impression that "Hijacking" was ANY unauthorized use of a wireless network. As an IT consultant, I can "sniff" around to find wireless nodes and to see if they are secure or not but, once I've "jumped onto" an unsecure wireless network, I have broken the law.

If you are unsure whether its a public node or not, it is your responsibility to find out if you can use it or not.

It is up to a company to make a node secure, if they wish. But, if they want to make it secure and didn't, that falls under the category of stupidity and negligence. I believe that from a legal standpoint, it's not up to the company to keep you off, its up to you to stay off.

Just because IBM and Microsoft have pretty lawns out in front of their buildings doesn't give me the autority to spread out a blanket and have a picnic, even if there are no "no trespassing" signs.

Collapse -

Lawn or Park?

by kobrak In reply to "Hijacking"

Someone's front lawn is a wired network. A park is a public wireless network. Not the same thing. No one has ever assumed that Microsoft's front lawn was a public park to be explored by all. Yet some wireless network HAVE been set up for this exact purpose.

Collapse -

House, Lawn or Park?

by rmorrison In reply to Lawn or Park?

I disagree. Someones house is the wired network, their lawn is the wap, and the public park is the public wireless network. Just like if I forget to lock my door to my house that does not give you the right to walk in and sit at my computer and go to the net. As I read earlier, you would know if that wap was setup to be open to the public, and if your not sure guess what, it probably isn't. I agree that it is the responsibility of every admin to make sure that the security for their network is setup tightly (both wired and wireless), but their mistake is not an invitation to "walk in the door".

Collapse -

Expectation of Privacy

by mgordon In reply to House, Lawn or Park?

What I would like to see more, is recognition of the "expectation of privacy" that pertains in so many other areas of public/private conflict.

In a public place, I can take your photograph and do quite a lot with it. If you are in your backyard, I can still take your photo with a telephoto lens but I am very limited in what I can do with it. If you are in your home, I cannot deliberately take your photo through your window with a telephoto lens -- you have a "expectation of privacy".

Now then, obviously your expectation might differ from someone elses, so a sort of community standard exists; in Hollywood for instance the paparazzi have changed the expectation of privacy somewhat.

In a rural neighborhood, lets say a small but dense concentration of single family dwellings or apartments, we can assume that people have installed WAPs for their own convenience, often to let their neighbors share an internet connection, but do not expect to have total strangers on it. They could perhaps make a case for privacy. But an office on main street whose signal covers several thousand square feet of public street and sidewalk; or the stated circumstance of an office building lobby which possesses a type of public easement, does not have that expectation of privacy and on the contrary, if the PLACE is public, or is a place of public accomodation (good way to tell is that if the ADA [Americans with Disabilities Act] pertains, then it is a place of public accomodation) then one can infer that wireless signals that are unencrypted are meant to be unencrypted and available.

I don't even want people bothering me with it. If I put a WAP in the lobby, please don't every one that uses it come bothering me, "Oh, I found a WAP signal in the lobby! Did you know?" "Yes, thank you, I put it there. Enjoy."

Now then, as to discerning intention; if it is not encrypted and the SSID is not "Linksys", then it is deliberate. If the SSID is "Linksys" and it is not encrypted, then yes you *could* be dealing with an idiot that did not mean for it to be public.

Collapse -

BRAVO!

by rojackson In reply to Expectation of Privacy

Well put...nuff said

Related Discussions

Related Forums