Unsecured Access Points

[richard]

I moved into a new flat a week ago and today I decided it was time to move my music back off my laptop onto my pc. When I fired my laptop up it went and found 12 unsecured access points within range along with 1 secured access point.

I could not believe it 8O here's me paying for a basic pay as you go dial up connection whilst I waited for BT to sort out the screwup they made over my ADSL move and there a load of people with unsecured access points and when I checked further 10 of them didn't even a have a firewall of any description in place either. So now do I a) carry on paying for my dial-up connection until Thursday or b) Use one of these unsecured access points to access my email and the internet. :?:

Decisions, decisions...

[webman]

As far is the law is concerned, you'd be accessing a network without prior authorisation therefore tresspassing/gaining unlawful entry. But if you do decide to use one, make sure you only login to secure (https) sites - someone on the other end of a WLAN may just be watching the HTTP traffic...

[richard]

I wouldn't do anything illegal. Its just the fact that that there are so many unsecured access points in the area.

[eejit]

Have you actually tried connnecting though? My home WAP would appear unsecured, but it uses an access control list only, so you wouldn't be able to connect to it.

[richard]

Everyone of the unsecured access points will allow me to connect.

[Norphy]

Perhaps you should be a good samaritan and find out who these access points belong to and inform them of the risks. Wander around with a copy of Netstumbler and it'll be easy enough to pinpoint

Perhaps one of them will be so grateful they'll let you use their BB until your DSL gets fitted

[pete]

Perhaps you should be a good samaritan and find out who these access points belong to and inform them of the risks. Wander around with a copy of Netstumbler and it'll be easy enough to pinpoint

Perhaps one of them will be so grateful they'll let you use their BB until your DSL gets fitted

Or perhaps not, the instinctive reaction of most people / businesses when you point out something like that is to shoot the messenger.

[pshuttle]

One my collegues has been using one of his neighbours WAPs for years without there knowledge (just for e-mails and browsing).

I think he sleeps very easily at night too!

Pete

[richard]

Or perhaps not, the instinctive reaction of most people / businesses when you point out something like that is to shoot the messenger.

Or in the case of the place where I live set their pitbull on me

One my collegues has been using one of his neighbours WAPs for years without there knowledge (just for e-mails and browsing).

Thats all I was thinking of doing if I did it.

[Ric_]

A less friendly thing to do would be to 'help' these people set up the security on their wireless acess points (either for money or without their knowledge ).

Most people leave all the settings as the defaults - e.g. SSID for Linksys is linksys so you know the make... browse for the PDF manual (using the person's AP) and find the default admin password :P

[Mitch]

Firstly, you cannot steal bandwidth or steal the use of a wireless access point. Under Section 4 of the Theft act 1968, the definition of property states it has to be tangible, therefore offences under section 1 of the Theft Act 1968 have to be discounted.

Secondly, offences under Section 13 of the Theft Act 1968 (Abstracting Electricity) would not be plausible either due to the fact that I doubt if it could be proved and measured that additional electricity was wasted or diverted due to someone having access. There are offences on the statute book which are more appropriate.

I think the real possibilities here are:

Communications Act 2003
Computer Misuse Act 1990

There are a number of practical problems when it comes to investigating and proving these offences. Firstly, it may be extremely difficult to prove access to an AP without evidence in logs. Many of the wireless access points I have seen do not have logging on as default. Considering the users don’t even switch on encryption, I doubt if any of them have logging.

It would be extremely difficult catching someone in the act of committing the offence. It would also be difficult to prove that if someone left their access point insecure that they were not inviting people to connect. With many of the hot spots available throughout the country, you have no idea it is legitimate until you have actually connected.

If people are wardriving they must set there wireless card into monitor mode, therefore you are only viewing and not connecting.

I was curious, so i got in my car and drove for 15 mins exactly from my house to a local shopping complex and came back. what did i discover

108 Access Points Active
5 Wireless Print Servers
4 of the 108 were WEP Enabled.

I noticed that my next door had wireless unsececured, because i know him well i informed him of this his reply was "not bothered i pay a fix rate if any one wants to connect let them"

Can you believe that !

[Geoff]

I noticed that my next door had wireless unsececured, because i know him well i informed him of this his reply was "not bothered i pay a fix rate if any one wants to connect let them"

Can you believe that !

Indeed. I have a nice setup here at home. I have an open access point setup with a captive portal (NoCatAuth). Once you've filled in some detail's it lets you out on the internet. Access is slightly restrictive (I've blocked P2P for instance and I'm running dansguardian too) but otherwise you're free to do whatever you like.

There isn't anything in my broadband contract to stop this either. It just says I can't resell my service. So I don't. Nieghbours on my street who use my wireless service regularly just give me beer occasionally.

I expect you could offer a similar service in your school if you wanted too. Minus the free beer. :P

[russdev]

i knew someone who worked for company and they where a small company and had unsecure wireless point on the network.

I told them when visiting them one day and boss says yer i know not bothered ...

Well fine then

Russ

[webman]

Food for thought ... in Lancaster :-)

[GrumbleDook]

I am aware of a few people of my aquaintance who were sick and tired of local chavs, who had half-inched some wireless laptops, trying to connect to their home WLAN.

They decided to open it up and through a bit of sniffing and logging, picked up usernames and passwords, personal details (including credit cards and security codes for the cards) and a huge list of websites could be considered unsuitable in a lot of countries ...

When they approached the local constabulary about the hypothetical question about whether they could pass on this information as evidence they were informed that it could not be touched as it may be considered entrapment and that they should take it on as a civil case for invasion of privacy ... and then hand over all the materials to the courts who could then pass it back to the CPS.

This case had recently run, http://news.bbc.co.uk/1/hi/technology/4721723.stm, and so the police were confident there would not be a problem.

As it was they didn't bother with a civil case ... several of the local fats were raided and they haven't had problems since.

But be aware that not only is the unauthorised use of a wireless network illegal (if you don't pay for it, it isn't paid for on behalf of you or you have not been given explicit permission to use it ... then access is unauthorised) but there is legal precedent which makes it easier for you to be charged and convicted of the offence.

There is not a nice "this is what it means" section on the DTI website ... and their response to my query earlier today was "you are a school ... shouldn't you be asking your council or the DfES and not us?"

Strangely enough ... the woman would not give her name and I got the impression that she was not happy that I had been passed around departments and dumped on her ...