Wednesday, July 06, 2005

Man arrested for using an open wireless connection

I've made reference in the past to my day job as a network engineer. There are rare occasions when my more amateur interest in politics and my profession intersect. Today I read about a man in Tampa, FL who was arrested as a result of someone calling the cops over his using an open wireless connection while parked on the street. Here are the basics from the St. Petersburg Times:

::::::::Richard Dinon saw the laptop's muted glow through the rear window of the SUV parked outside his home. He walked closer and noticed a man inside.

Then the man noticed Dinon and snapped his computer shut.

Maybe it's census work, the 28-year-old veterinarian told his girlfriend. An hour later, Dinon left to drive her home. The Chevy Blazer was still there, the man furtively hunched over his computer.

Dinon returned at 11 p.m. and the men repeated their strange dance.

Fifteen minutes later, Dinon called police.

Police say Benjamin Smith III, 41, used his Acer brand laptop to hack into Dinon's wireless Internet network. The April 20 arrest is considered the first of its kind in Tampa Bay and among only a few so far nationwide.

"It's so new statistics are not kept," said Special Agent Bob Breeden, head of the Florida Department of Law Enforcement's computer crime division.::::::::

Now, in reading up to this point, you can reasonably get the impression of Smith sitting in his car pounding away on the keys, actively attacking and circumventing the protections placed on the network by the owner and finally winning his way into full access. You'd be wrong, but you need to read 2 more paragraphs to get that information. Have a look:

::::::::For as worrisome as it seems, wireless mooching is easily preventable by turning on encryption or requiring passwords. The problem, security experts say, is many people do not take the time or are unsure how to secure their wireless access from intruders. Dinon knew what to do. "But I never did it because my neighbors are older."::::::::

The owner of this network knew full well that his wireless access point was operating "openly", knew what he needed to do to fix it, and made a conscious decision not to do it. So, there he is, broadcasting a radio signal on a publicly available frequency at a power and direction guaranteed to extend beyond his property lines, having done nothing whatsoever to secure access to it, and he's calling the cops on someone for making use of it.

Perhaps a more familiar metaphor would help clarify this issue. Imagine for a moment that Mr. Dinon has cable television. He likes to watch his TV outside because the weather is so lovely in Florida and sets up a television in his driveway with the screen facing the street. He turns the TV on and sets it to a local station. For some reason, when he decides to go back inside, he leaves the TV running. All day, every day. Now imagine someone else - we don't know who - pulls up in his car and parks on the street in front of Mr. Dinon's house in such a position that he can see the TV. He starts watching. Mr. Dinon and Special Agent Breeden want you to accept their assertion that this imaginary situation represents a man stealing something.

Want another one? Mr. Dinon sets up a sprinkler in his yard and turns the water up to the max. The sprinkler tosses water not only all over the yard, but out onto the street as well. A man walks up, stands in the spray and drinks the water. Theft? I don't buy that. There is a huge difference between a hacker actively suppressing access controls and penetrating a network and someone sitting on public ground and receiving a radio signal on a public frequency.

This situation turns completely around the second the owner of the system makes an effort - no matter how small - to control the access to and on his network. Had Dinon done what he admits he knew needed to be done, then there's no way Smith could have just waltzed up and connected. Smith would have had to use some kind of program to crack the access key. With some encryption schemes - the commonly used WEP, for example - that's a fairly trivial process. It makes no difference how easy it is to circumvent. The action taken to secure the network is all that's required to show intent that not everyone be allowed on it.

No such actions were taken here and no such intent can be reasonably inferred. How was Smith to know that Dinon didn't leave the access point open on purpose, freely available for public use? If he was hacking bank accounts or trafficking in kiddie porn, then he should be arrested and prosecuted, no question. If he was using the link to send threatening e-mails, then he should be arrested and prosecuted. But his arrest should be for the crimes of hacking, trafficking kiddie porn, or sending threats, not for the act of connecting to a system that was open to everyone and accessible from public ground.