Hijacking a broadband connection

I assume that, while people can access his connection, he's happy that he has sufficient security over access to his hard drives that no one can see them and plant stuff on them.

Or did you mean the traceability of his IP address from someone access illegal material? His public statement about the wide openness of his connection *ought* to be a pretty effective defence, but I appreciate it comes at the cost of "pay to play" it. He might well have been without his PC (and his front door) for some time before he gets to make his case

Brian

So, I visit my local Starbucks expecting there to be a free wi-fi connection (because I read somewhere in a newspaper that there is such a service). I connect to the strongest signal and it happens to be the office next door.

And I've comitted an offence. I hope not.

tim

Rather than an open domestic front door, I think it is more like a shop or office with the sign "Internet Access Here" and an unlocked door. Someone using WiFi will see your 'sign' (as a network available to use) and when they attempt to use that connection it is like pushing the shop door, finding it open, entering and making use of the facilities inside.

Though maybe a better analogy would be a public convenience. You would not expect to go along a street trying all the house doors and entering one which was open and using the loo in one you found open. But if a door has a sign "Ladies" or "Gentlemen", as appropriate for your sex, and is unlocked then it is an invitation to enter if you wish to relieve yourself.

If the police monitored his IP swapping illegal material on Kazaa and then raided his house, they would only need to find a couple of dodgy thumbnails and he would get done, regardless of whether he was the one doing the downloading.

Using MAC filtering on the router with the changed SSID is another good step. While a MAC address can be falsified by a freeloader, those that do so are definitely aware of what they are doing with their hijacking and thus legally can be shown to have intent. Inadvertent hijacking can well be a valid defence but all WiFi networks should have some level of security in place, even if it is only changing the SSID from the default "out of the box" setting.

With the large number and proximity of WiFi networks now appearing, even residentially, and the limited number of useable channels available, at least different SSIDs usually means that a few different networks can co-exist on the same channel without undue stress or problems. With a common SSID, who knows where you might be connected!

Pierre

automatically deleted.

That's not the point. He is almost certainly against his ISPs terms and conditions, all the ones I've seen hold the account owner responsible for all activity and ban use of the connection for illegal purposes. Or for spamming and other net abuse, which would likely get him closed down by his ISP.

If I make my car available to any takers, and it is used to commit a crime, I will be charged as an accessory to that crime. I see no reason that providing an "open to anyone" service wouldn't be treated as the same. Plus unless he keeps detailed logs of all transfers he has no way of proving that it was someone else who did the transfers. Since there is no "common carrier" law in the UK, the person who provides the facilities is liable for what is done with them.

And it probably won't just be his PC, they'll take anything which could hold any 'dodgy' material and it will be up to him to try to get it back (and no guarantees of the condition it will be in).

Chris C

See Godfrey vs. Demon. Plus an ISP has customers and contracts with them which forbid the use of the connection for illegal purposes and state that any such use is the customer's responsibility (hire car companies do the same).

But without anyone to pass the blame onto, no proof that it wasn't himself who acted illegally.

Really? Oh well, he'll find out. Think of it as evolution in action...

Chris C

If he has any common sense he would say thank you. This is no different than pointing out that their back door was blowing open and closed in the wind while they were away.

Sure, the same people who buy stuff and just cluelessly plug it in at home also do it at work. Wireless maunufacturers took the easy way out by producing equipment that comes up in pants down no security mode as soon as you connect it.

Chris Croughton wrote: | On Thursday, 28 Jul 05 18:08:32 GMT, Mike | wrote: | | > Why? He's no more liable for the actions of people who use his WiFi node | > than an ISP is liable for the actions of its customers. | | See Godfrey vs. Demon.

I'm very familiar with that case. Demon was liable *only* because it ignored a request to cease publication, *not* because its facilities were used to publish the libel.

| > Indeed, he's acting as an ISP himself. | | But without anyone to pass the blame onto, no proof that it wasn't | himself who acted illegally.

That's not how the law works (in general). The police would have to prove that he had done the illegal act. He wouldn't have to prove that he hadn't.

Mike.

If we're going into analogies, utterly secured networks are a bit like unfenced land, people will wander into them, either because they assume it is allowed, or they just don't notice. Putting any kind of security that someone will need to circumvent in place, no matter how easy it is to bypass, tells people that you don't want them on your network.

Do you also believe that it is morally wrong to offer complete strangers something for free? Is it then wrong for such strangers to take advantage of your offer? Especially when doing so is costing the offerer nothing at all (above what they are paying anyway)?

Because that is the position a lot of the time.

No sympathy for *what*? What harm has been done by using the person's network? They probably would not know about it and never find out. So why should they get upset at all?

I guess I am a bit unusual, in that I have always been pretty unconcerned about people using whtever I have when it of no diadvantage to me. When I owned a house with a swimming pool, my retired neighbours knew they were welcome to have a swim whilst I was at work, and frequently did so. In return I enjoyed an excellent relationship with them and often arrived home to find a crate of beer on the doorstep. People also got to know that they were welcome to take fruit from the trees in my front garden so long as they did not cause damage. I usually have a tin of biscuits on my desk that everyone knows they are free to dip into when they pass. If I have hired an aircraft and not all the seats will be used, I'll invariably ask around to see whether anyone might like a flight.

I have never really thought deeply about the possibility that doing such things may be seen as suspicious or put me at significant risk of legal action.

What harm could be done though? Lots.

Well the harm *may* be that they may be using the connection for criminal purposes.

Or they may be using a lot of bandwidth - quite a few ISPs charge by the amount of bandwidth used, and he wouldn't know which ISP the hacked user was with.

With Plusnet, for instance, you can have services capped at as little as

And even if they don't, all ISPs base their charges on what is a sustainable level of usage for them. If this type of connection sharing becomes commonplace, then the total useage per subscriber will be higher, and costs for everyone will rise.

Which is no problem, except that it *may* be of disadvantage to you here.

I don't think it does either, in itself.

It does put you at risk of *investigation* for any criminal activity that is traced to your connection. Whether that is a significant risk, I would not like to say.

You can easily shut a back door. I think there is a risk he would perhaps say something like "oh, I don't understand these things, and the man from BT/my brother/a friend of mine came in to set up my router. I wouldn't know how to set up security. What are you saying - you can't stop your kids accessing my system and maybe rummaging through my files or downloading copyrighted music on my broadband connection? That worries me. I think I'd better talk to my lawyer. And no, I don't want you fiddling with my router and changing the settings in ways that I don't understand, thanks very much. "

Response from me would be - "I was alerted to the fact your network could be accessed. It was an accident, and couldn't have happened if it had been made a bit more secure. Although we're unlikely to ever access it again, it isn't beyond the realms of possibility that someone else may find your network is open, and either make use of the internet through it, or try 'breaking in' to any computers you have on at the time. Just thought I'd better let you know - oh, and here's a website [hand over post-it note with URL!] which describes the need for security with Wi-Fi"...

I don't have a URL for such a site, nor do I have any wireless kit to even know if someone around here is tempting fate, but it'd hopefully be taken as constructive (and mild) 'criticism', or just a friendly word :-) PGM.

Of course not. If a thing is yours, it's yours to give, lend or sell as you please, and presumably you'd make the situation clear to all concerned. I thought we were talking about the *taking* of something belonging to somebody else. I simply offered the thought that we should not automatically assume that somebody else's property is on free offer unless otherwise indicated. In fact, it has been customary in the past to assume the reverse, i.e. leave alone unless otherwise indicated, so why should it be any different just because it's an electronic service and not a physical object?

Rod.

My goodness it doesn't take much to pass the Turing Test these days. We need to distinguish between, on the one hand, brainless electronic equipment following automatic procedures which are built into them during manufacture, and of which their owners are probably unaware, and on the other hand, a human being knowingly making an offer. It's quite common to talk loosely of electronic devices "talking" to each other, or "negotiating", or asking and receiving "permission", but taking this too literally leads to sloppy thinking as it isn't ther same thing. An electronic device following its program and responding to another electronic device doesn't amount to "permission" at all, unless it has the backing of a sentient being who knows what it's doing and wants it to behave in that way.

Rod.