backtop


Print 42 comment(s) - last by root mean sq.. on Mar 26 at 6:47 PM

You may still be able to leech off other people's wireless networks for a little while longer thanks to the House Judiciary Committee

With growing concerns over internet security, one Maryland delegate decided to take action.  Brought before the Maryland General Assembly last week was a bill sponsored by LeRoy E. Myers, Jr. criminalizing unauthorized use of a wireless access point anywhere in the state.

The legislation was brought forth when Myers noticed his WiFi connection was being used by a neighbor without his permission. According to The Herald-Mail, the neighbor claims he bought a new laptop and thought he was accessing the internet through a cable TV hookup.

Under the legislation, House Bill 1377,  any person intentionally accessing another person’s computer or network without authorization will face up to three years imprisonment and up to a $1,000 fine. Any persons attempting to access an unauthorized network to cause harm to another person’s computer or cause harm on the internet could face charges up to ten years in prison and a $10,000 fine.

Several critics of the bill claim that: 1) To track who accesses another person’s network would be entirely too difficult and 2) owners should set passwords and secure their networks if they do not want someone else using it. 

"A technically unsophisticated user, such as a visiting parent, or simply a houseguest unfamiliar with the home's Internet could and probably would choose the first available network,” wrote a public defender’s office in a written testimony opposing the legislation. “A more effective way to prevent unauthorized access would be for owners' to secure their wireless networks with assistance where necessary from Internet service providers or Vendors."

Currently the House Judiciary Committee has deemed the bill an “unfavorable report”, so the likelihood if its passage is very unlikely.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

I live in Maryland
By OrSin on 3/25/2008 9:34:59 AM , Rating: 4
This law is stupid. My neighbor uses my internet connection all the time and I dont care. If I cared I would block them (I have at times). I'm all for making it a law if they do something wrong to your system, but access a unsecure gatewall should be be against the law. Hacking a secure one even if you do nothing wrong should be illegal.

To me it like cutting though someone yard. Remember we all did it as kids. If they got no sign or no fence, then really its not against the law. IF they complain to police then you stop but no cop on this planet will arrest anyone for walking though a someone yards with no signs up.




RE: I live in Maryland
By tastyratz on 3/25/08, Rating: 0
RE: I live in Maryland
By FITCamaro on 3/25/2008 9:44:39 AM , Rating: 3
Well the big problem I think is that most people with wireless routers don't go buy them. They get the router from their cable company. And when the cable guy comes to set it up, they just plug it in without configuring any kind of wireless security because the cable company doesn't want support calls of "I turned on my laptop and I can't connect to the wireless router your guys set up. It says I need some kind of password."


RE: I live in Maryland
By darkpaw on 3/25/2008 10:26:43 AM , Rating: 2
That is true of the DSL companies from my experience, Qwest always provided a DSL modem with built in firewall/wireless capabilities. The cable companies still won't even support running a firewall at all. Cox in Phoenix (as of 2006 at least) and Comcast in VA (currently) both refuse to provide support unless a machine is plugged directly into the cable modem (as a security expert that very suggest made my skin crawl).

I think things have gotten better, it used to be that 90% of the wireless networks I saw were unsecured. Now, very few of the networks I can see from my apt are unsecured. That said, I put responsibility on securing those networks solely on the shoulders of whoever installs it. If it is installed by the ISP, they should configure and support it securely. If it's installed by the user, they should have that responsibility.


RE: I live in Maryland
By Vinnybcfc on 3/25/2008 1:42:29 PM , Rating: 2
Nice and everyone generally blames the users for the spread of viruses and worms.

Most companies in the UK (ADSL and Cable) offer free firewall software for a year, it normally tells you/asks to install during installation of the modem.

They are more sloppy with wireless security though that has been changing recently with routers being sent out with preinstalled keys.


RE: I live in Maryland
By artemicion on 3/25/2008 11:53:46 AM , Rating: 1
this is interesting - i would have assumed that the ISP's policy would be to set up security because if they set up an unauthorized wireless network in a fairly dense apartment building, there's 5-10 apartments getting free internet, hence 5-10 less subscribers.

I wonder if the non-secure wireless network policy is only for less dense residential areas, such as homes on fairly large properties so that neighbors are largely out of range of the network?

Reading the headline, I suspected maybe the law was being pushed by large internet provider companies in order to force leechers to open their own accounts.


RE: I live in Maryland
By Mojo the Monkey on 3/25/2008 4:02:39 PM , Rating: 2
well, you should consider that the law is more ambiguous than just trespassing here. If I tap into my neighbor's wifi, I'm accessing signals that are penetrating my apartment , right? Granted, I send some back, but I'm just saying its not as cut and dry.

Maybe its more like a fruit tree with a branch hanging over the fence.


RE: I live in Maryland
By BladeVenom on 3/25/2008 10:14:53 PM , Rating: 2
If I can hear my neighbors stereo, am I stealing music?


RE: I live in Maryland
By roadrun777 on 3/25/2008 11:27:01 PM , Rating: 2
Yes, and if you record your neighbors music with a digital device then the RIAA will come and arrest you then charge you $50,000 for each song as lost revenue.


RE: I live in Maryland
By JackBurton on 3/25/2008 9:53:25 AM , Rating: 2
Aircrack can crack WPA-PSK but it can't crack WPA-AES, let alone WPA2.

Lesson, if you don't know how to secure your AP, that's YOUR problem.


RE: I live in Maryland
By darkpaw on 3/25/2008 10:28:10 AM , Rating: 2
WPA isn't crackable, but given the passwords used by the average user it can often be brute-forced.

Even after all these years, people don't seem to understand that using password (or any other common word) for your password is a really lousy idea.


RE: I live in Maryland
By thornburg on 3/25/2008 10:40:00 AM , Rating: 3
quote:
Aircrack can crack WPA-PSK but it can't crack WPA-AES, let alone WPA2.

Lesson, if you don't know how to secure your AP, that's YOUR problem.


Even if you just use "64bit" WEP, you still are doing something to secure your network against people using it. If someone cracks your password and uses your network, they are very clearly breaking the law, so WEP serves fine as a virtual "No Trespassing" sign. If your router keeps logs, it should even be fairly easy to prove, if the person ever gets caught.

Does this keep people who want your information from cracking into your network? NO. But unless you are a millionaire or some sizable company, your data shouldn't be valuable enough to warrant hacking, and should be secured with encryption on the computer (and use encrypted network protocols anytime it needs to be sent over the network).


RE: I live in Maryland
By rykerabel on 3/25/2008 4:45:36 PM , Rating: 5
quote:
Morally I agree cutting across the lawn shouldn't land you in Juvi. Legally that thing you do is called trespassing.


Actually, most laws require posting before it can be considered tresspassing.


RE: I live in Maryland
By leexgx on 3/25/2008 10:10:53 AM , Rating: 2
but you know that your nextdoor neighbor is using your connection so that be ok then

going to jail for <unauthorised use> of an insecure access point is an little extreme ,
in the uk we have had only 1 user has been found using wireless point unauthorised and thay was fined for doing that (some random law about using free Internet 2006) he had his laptop out and just sayed he was connected to an open access point to the officer that he was using it and got arrested right there lol and an some large fine he did not know it was illegal, that law is an little hard to prove or find how is useing it unless you daft enough to use you name as the computer name (think vista so not daft just vista :P)

way around that now is just buy an pay as you go 3g card (three network) or goto basically any starbucks, mac, as thay have free Internet nowadays just make sure its WPA/WPA2 (and isolation mode {you cant see other computers on the network its not in isolation mode})if using any thing sensitive (work computers should be using VPN)


RE: I live in Maryland
By Aloonatic on 3/25/2008 11:26:37 AM , Rating: 2
In the UK there have been a few different cases prosecuted using different laws, many not specifically about using someone's interweb for free but obtaining services by deception and that sort of thing. Some involve the illegal extraction of electricity or something, so my policeman friend tells me.

It's great that you can trust your neighbour though.

I wonder how the FBI will take your story that it wasn't you using your connection to view those web sites, it was your neighbour, honest?!

Most wireless routers that people in the UK have are (probably) from their service provider and come with security enabled by default.

Yet whilst I was connecting my girlfriends lap top to my router the other day I noticed at least 1 unsecured access point and that was a SKY router (can tell from the name which they'd left as the default SKYxxxx) who are also my service provider so I know that the default is the security enabled.

I have no idea why people take the security off their network except for laziness perhaps?


RE: I live in Maryland
By Vinnybcfc on 3/25/2008 1:45:27 PM , Rating: 2
Cant understand that - Sky send out a card with the key on as well so you dont have to track it down through the admin software.

I wish they would start to use WPA instead of WEP on their routers by default - although they may have started doing this on the new models


RE: I live in Maryland
By TimberJon on 3/25/2008 11:54:13 AM , Rating: 2
You should bill them like $20 a month dude haha. Slip that under the door.


Wow...
By Joz on 3/25/2008 9:34:45 AM , Rating: 2
Are people realy to stupid to put a decent password on their wireless? or use mac addresses to limit who has access..so easy.




RE: Wow...
By FITCamaro on 3/25/2008 9:41:58 AM , Rating: 5
Yes. And it's great that our lawmakers are among that group isn't it? Just shows you how inept our lawmakers are when it comes to understanding modern technology.


RE: Wow...
By fictisiousname on 3/25/2008 10:57:00 AM , Rating: 3
Ain't THAT the truth?

I can see if the "lawmaker" got upset at himself for being so stupid as to NOT secure his wireless service. Naaah.... He crafts a law difficult/impossible to enforce.


RE: Wow...
By frobizzle on 3/25/2008 9:56:59 AM , Rating: 2
quote:
Are people realy to stupid to put a decent password on their wireless? or use mac addresses to limit who has access ..so easy.

Mac address limitations are as easy to bypass as WEP!


RE: Wow...
By thornburg on 3/25/2008 10:28:36 AM , Rating: 2
quote:
Mac address limitations are as easy to bypass as WEP!


I can believe this is easily true if you know one or more of the valid MAC addresses .

Is there some kind of easy crack to get that information? And nearly everyone I know that uses an access control list ALSO uses encryption. Even if the encryption is WEP, don't the two together make it take some serious effort to get in?

Maybe I'm just in the dark about modern hacking methods... It has been several years since I picked up a copy of 2600.


RE: Wow...
By clovell on 3/25/2008 11:40:47 AM , Rating: 2
I may be mistaken, but aren't the odds of brute-forcing a 128-bit WEP key pretty long? I thought 128-bit was pretty secure. For another computer to hack through it, it would need to be fairly immobile and have a lot of time...


RE: Wow...
By CCRATA on 3/25/2008 12:06:00 PM , Rating: 2
WEP is vunerable to an XOR attack on the packet headers. You don't have to brute force it. Assuming there is a computer actively using the connection you can crack it in < an hour. The FBI can do it in minutes.


RE: Wow...
By CCRATA on 3/25/2008 12:04:31 PM , Rating: 2
MAC addresses are always sent in clear text even when encryption is enabled. If you see a mac sending packets to the ap you can just clone that one...


RE: Wow...
By johnsonx on 3/25/2008 3:11:58 PM , Rating: 2
but then don't you have to wait until that mac goes offline before you can use it?


RE: Wow...
By HrilL on 3/25/2008 8:56:47 PM , Rating: 2
no not really. I mean you'll get a mac address conflict but most of the time it still works. the router will just send to that mac as it always would so it would go to both computers and since the other is not waiting for the reply packet from the web page or what ever packet it is. It should just drop those packets. But you could run into problems if both computers reply to the same packet.


Typical
By Elementalism on 3/25/2008 10:04:13 AM , Rating: 4
This guy didnt gives two shats about this until somebody was using his.

I dont have a problem with a law punishing people for cracking encryption or brute forcing a passphrase. What I do have a problem with is punishing people for using a WiFi connection somebody was too lazy or ignorant to secure.




RE: Typical
By tekzor on 3/25/2008 10:52:04 AM , Rating: 2
Average jo user have no idea/tough time setting up any security imo. The biggest issue I see here is using someone elses wifi and hitting the bandwith so hard + illegal downloadling and getting caught:D with the owner of the wifi being blamed XD.


House Bill
By root mean sq on 3/25/2008 10:51:08 AM , Rating: 3
It should have been House Bill 1337.




RE: House Bill
By Mojo the Monkey on 3/25/2008 4:06:18 PM , Rating: 2
I would rate you up, but I already commented.


Isn't it great?
By FITCamaro on 3/25/2008 9:39:49 AM , Rating: 2
How when something happens to a lawmaker that they don't like, they get to try to make it illegal or have some kind of fine by proposing some new law?

I'm not advocating stealing other's wireless connections (I've done it when I first moved into a place and mine isn't hooked up yet) but it just pisses me off the way lawmakers do this.

How about a bill to make it illegal for Congress to get as much time off as they do? God knows campaigning is far more important than doing the job they were elected to do.




RE: Isn't it great?
By rcc on 3/25/2008 5:55:27 PM , Rating: 2
There's already a process for that. You just have to care enough to spend the time and effort. And these days, 3/4 of the country would probably jump on the bandwagon.


Intent?
By frobizzle on 3/25/2008 9:53:28 AM , Rating: 4
The one aspect of the law that would have been next to impossible to prove is intent. Add to that, the fact that by default, XP (and Vista?) wireless runs in a sort of promiscuous mode. If you don't change that, it will simply connect to the strongest non-encrypted signal it can find.
The average user boots up their Wifi enabled laptop and it connects to a network connection and they are happy. Never mind it might be the next door neighbor's AP they are hooked up to!




let's get it straight
By juserbogus on 3/25/2008 1:43:44 PM , Rating: 4
by the very nature of the technology you're not stealing anything if you connect to an unsecured wireless access point! in these cases the AP *advertises* to everybody that it's unsecured and open for connection. your computer then *ASKS* to connect and then the AP sets you up.

If you don't want that to happen... tell your AP to allow only authenticated computers to connect. it's that simple.

Now, hacking a wireless AP should be punishable through the normal hacking statutes.




Steal This Wi-Fi!!
By NukedSRT on 3/25/2008 6:49:16 PM , Rating: 2
Though my WAP at home is secured, Wired's Bruce Schneier struck a cord with his commentary "Steal This Wifi". (http://www.wired.com/politics/security/commentary/... )It is an interesting read. Instead of getting all worked up about 'stealing this' or 'poaching that', if we all provided a little open Wifi (while taking proper precautions) for each other I agree that we'd all be better off for it. Besides, if someone starts hogging too much of your bandwidth, just give them the Upside-Down-Ternet mentioned in the article. (http://www.ex-parrot.com/~pete/upside-down-ternet.... )!!




RE: Steal This Wi-Fi!!
By root mean sq on 3/26/2008 6:47:37 PM , Rating: 2
This is what it's like in Barbados. Small, flat land mass and healthy internet competition makes setting up a wireless network at home easy and cheap. I have a friend who lived in Barbados and he told me you can get access anywhere and nobody seems to mind.

The business model probably won't scale up to a country the size of the U.S. well, but it's nice to see that Wi-Fi brotherly love is alive and well somewhere.


This is already the law in Michigan.
By NesuD on 3/25/2008 10:02:11 AM , Rating: 2
Michigans law prohibiting unauthorized network access has been interpreted by at least one county prosecutor to apply to unsecured wifi as well as wired networks. We had a fellow last year who would pull into the parking lot of a local establishment offering free WiFi to check his email every morning on his way to work. He was observed by local law enforcement doing this for several days in a row so they asked him what he was doing and he told them truthfully that he was checking his email. Well the cop reported what he had seen and been told and the local prosecutor determined that was a violation of the states anti hacking law and the fellow was charged with a felony for unauthorized access to the establishments WiFi network. The prosecutor in his infinite wisdom determined that the WiFi was only free to customers of the establishment even though the establishment apparently had no such requirement. They ended up pleading him out to a lesser misdemeaner charge and slapped him with a couple thousand dollar fine as I recall. Maybe I'm a little off base but that particular case was a innapropriate and misguided application of the law here in Michigan. If I lived in that county I would be making a ton of noise come election time and get that prosecuter booted. Good thing Maryland's legilature had the good sense to know stupid when they saw it in this particular case. I find it funny the guy didn't seem to care until he caught his neighbor using it.




out there
By tastyratz on 3/25/08, Rating: -1
RE: out there
By spluurfg on 3/25/2008 9:36:55 AM , Rating: 2
Agreed. I think that the criminalization of the unauthorized connection to a wireless network with the intent to cause harm is fine, but failing that intent to cause harm, it's like jailing the neighbors' kids for crossing over to your side of the grass without asking them to leave.

I'm just pleasantly surprised that a legislative body applied a healthy dose of common sense in their decision. Seems like that isn't always the case these days when it comes to technology laws.


RE: out there
By leexgx on 3/25/2008 9:52:52 AM , Rating: 2
some wireless software is auto set to connect to unsecured access points i was at some ones house setting up there wireless as it was been not always working and it was that there PC or laptop was auto connecting to next doors Internet there router was not even set up as it turns off wireless on first power up or reset (to force the user to setup security) but thay asumed it was theres

the shops that sell them Should tell them to secure it or router company should do what netgear does wireless off set up security as its wizard based its 5 steps and its done


RE: out there
By chrisld on 3/25/2008 11:17:25 AM , Rating: 2
If they propose 3 years in prison for stealing your neighbor's bandwidth, shouldn't Comcast also get 3 years for limiting our bandwidth? It amounts to the same thing.

1. Neighbor takes my bandwidth so I get less than I paid for
2. Service provider limits bandwidth so I get less than I paid for

I do realise it's possible to take issue with this argument but it's thought provoking.


"There is a single light of science, and to brighten it anywhere is to brighten it everywhere." -- Isaac Asimov











botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki