IT Employment

General discussion


connecting to unsecured wireless: is it hijacking?

By Ned Rhinelander (CNET) ·
I came in today to my job at CNet Network's Cambridge office, and had to wait in the lobby for a fire alarm to clear.

I pulled out my laptop and decided to see if there were any available networks...turns out there were 10, 3 or 4 of which were not secured. So, I proceded to IM with my colleage Steven upstairs. Before long Steven asked me "so you don't have any qualms about hijacking a wireless connection?"

When I setup a wireless access point, I consciously assume that if I set it to broadcast the SSID and disable security it's tantamount to offering a public service.

However, Steven's question threw me for a loop, because I think he has a point as one gave me permission to connect to the access point. Just because my computer connects automatically doesn't necessarily make it right.

Any thoughts out there on the legalities or general ettiquitte of this?

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Public land tresspassing

by Cactus Pete In reply to Private vs Public

It is entirely possible that you are illegally trapsing through public land when your car broke down. Ignorance of a local ordinance is no excuse for having violated it. A public land might be deemed offlimits, say, during the mating season of an endangered species that lives there. No signs are necessary...

Now, just because it's illegal doesn't mean that you'll be prosecuted, either. Every once in a while, common sense about an issue or circumstance trumps regulations and even if you're caught, you don't get charged.

So what does that mean? Not much, I suppose.

Collapse -

You speak of Easements

by mgordon In reply to Private vs Public

Private land is not 100 percent private or exclusive although many people think it is; and as it has been pointed out, public land is not libertarian; it does not mean you can do anything, although again many people are confused about this one.

Certain kinds of urgency or emergency create easements. All emergency workers have easement for instance; police or firemen responding to your emergency, even if you did not call them, have a right to cross your land.

The FCC has very precise rules about who can use radio frequencies and when, but an easement exists for certain dire emergencies.

Since WAPs are fairly new, the concept of "easement" probably needs refinement at law and I would expect to find quite a lot of variability in local law about it.

Collapse -

The problem with this analogy...

by STLtech In reply to If I set some chairs out ...

In your analogy you DELIBERATELY set chairs out in front of your house. If they're sitting back on your property, say on the porch, anyone walking by would reasonably know they can not walk up onto your property to sit in them. If you lined them up in front of the public sidewalk, passersby might or might not assume they are for public use. People who don't lock down their WIFI networks are not TRYING to tempt anyone (unless they?re testing), they?re simply too ignorant or lazy to secure them. I think a better analogy is that of a homeless person who has a need to access warmth, finds an unlocked door in an apartment building and walks in and sleeps in the stairwell. He got in because someone was stupid enough to leave the door unsecured. He steals nothing, soaks up the heat and air overnight and then leaves. He has not harmed the tenants in any way and has deprived them of nothing but still has breached their security and used their facilities without their permission, even if through their own stupidity. Even though no one was harmed by his actions he could still be charged with trespassing. The law protects those who are too stupid or lazy to protect themselves. As to the morality of it, the homeless person could argue in court that there has been no harm therefore there should be no penalty but would the judge buy it?

Collapse -

Alalogy is fine. WIFI has no front porch and property borders undefined

by dcperich In reply to The problem with this ana ...
Collapse -

Federal and State Unauthorized Access Laws

by rnw In reply to Maybe, Maybe Not

Under the federal Computer Fraud and Abuse Act (18 United States Code ? 1030), such hijacking constitutes unlawful "access," which is the first element of the crime. However, under the second element of the crime -- namely, damage --, you cannot be convicted unless damage exceeds $5,000, which likely did not occur in your situation. Interestingly, the damage element can be satisfied (and the hijacking is therefore illegal), if the network owner spends $5,000 in re-securing the network, even if you caused no system or data loss. Be careful, however, because most states have similar laws, some of which require a much lower damage threshold.

Collapse -

Good Post!

by dcperich In reply to Federal and State Unautho ...
Collapse -

Good Post about a Different Subject

by mgordon In reply to Good Post!

It would be a very good post if we were discussing hacking into someone's computer. But we are discussing listening to their radio broadcast and speaking into their microphone which has been placed where the public can speak into it. No "hacking" need take place whatsoever. Most laptops now come equipped to all-but-automatically bind to that unencrypted WAP and many people will make the one or two clicks needed to make the connection without thinking twice. Easier than tuning a radio; because it IS a radio.

Collapse -

But... A donut analogy

by dcperich In reply to Federal and State Unautho ...

We have two quazi-departments on our floor. Often, pleople bring in donuts and set them on the shared coffee maker table. If I'm aware that someone from the other department brought the donughts, should I stay away from them? Some people clearly intend for the donuts to be consumed by all. Others prefer that they be consumed by members of their own department. Isn't WIFI in this kind of no-man's land?

Collapse -

Excellent -- speaks to intention

by mgordon In reply to But... A donut analogy

Indeed it does and it speaks to intention, which you cannot very well discern. You must INFER intention by the nature of the surroundings and what is taking place, how often and by whom.

Suppose you sniff every day for unsecured WAPs from the competition. One day, a previously secured WAP is broken and lets you in. You know perfectly well what the intention was; and could probably be prosecuted, although I'm not sure what law pertains if you only access the WAP but no computer behind it.

On the other hand, in the stated scenario of a lobby, a place of public accomodation in other words, with a presumably long-established unsecured WAP that could have been secured at any time, an "easement" exists, in my opinion, that protects your right of access -- and I don't even say privilege. If it stays there long enough, the easement can become a right.

Suppose for many years your neighbors have taken a shortcut to the city park across your back yard. They've worn a trail. Then one day you erect a fence. I've heard of cases where the landowner can be required to remove the fence and maintain the trail; it has become an easement.

For the astute reader, be sure to secure your corporate access points even if you don't think you need to; in order to prevent just such an easement. It's just my opinion but I have relatives of mine who have ran afoul of easement laws on their private land and were not permitted to build fences or even restrict access to parts of their land.

Collapse -


by Robotech In reply to Federal and State Unautho ...

This is a bad and misleading post. The law you referred to affects SECURED "computers" belonging to a financial institution or a Government institution, not Joe Schmoe's WLAN.
Most (if not all) of the analogies mentioned in this thread fall short of being applicable because they do not take into consideration the technological differences.
The (Modern) INTERNET was conceptualized and designed as a PUBLIC network, not a private one. Radio waves cannot be treated as Cat5 cabling on private premises, because the very nature of radio waves makes them public and accessible by persons outside of your property. Just as satellite TV and cable companies scramble certain signals that are not meant for just anyone, 802.x signals that are not meant for everyone should have basic scrambling of some sort, be it authentication etc.

The illegal part of WiFi access is: Sniffing the signals to break the authentication code, or to steal a MAC address that belongs to a machine that is duly authorized to use the network. Also, trying to break into a node on the network that has a warning about illegal access, or a node that has some security to which we were not given the password.
The issue is best viewed with the following analogy: A park in a residential area has its gate open. This is the equivalent to a WiFi WAP with no security. I can use the park, but I can't change anything or access the Electrical room etc. because the park isn't mine, neither am I responsible for its implementation, maintenance etc.
On the other hand, a Park with its gate open and a sign that says: "Park use restricted to residents of WiFi Gardens only." is comparable to a WLAN that is not meant for Public Access.

I've been to several buidlings where there are several WAPs owned by the same company, some are secured for authorized use only, and others are left open for public use. It would be very hard to prosecute someone for checking his/her e-mail by piggybacking on your 802.x signal, when it is a common/desired practise by so many other owners.
Of course, since the WAP isn't mine, I am not authorized to modify it's configuration or even attempt to modify it, since my intentions would have now changed from browser to intruder. It's like your home. None of us would object to someone running onto our lawn to retrieve a ball, but if it bounces in through an open window, permission is obviously required.

Related Discussions

Related Forums