Print 93 comment(s) - last by BZDTemp.. on May 24 at 12:51 PM

Two separate New York state homeowners recently found their doors kicked down and were arrested on suspicion of distributing child pornography. In both cases the men were innocent -- the true culprit was a neighbor cybersquatting on their Wi-Fi connection.  (Source: UTNE Reader)

Increasingly, cyber-criminals are turning to open networks to commit crimes, including distributing child porn. Government agents often miss clear clues that point that the true suspect might be someone other than the network owner. For example, in one of the N.Y. cases, the culprit had connected on a college network under the same alias -- a lead which would have led officers to a different door, had they followed up on it.  (Source: Chicago Title Co.)

At the end of the day about the only thing citizens can do to prevent their house being subjected to a police raid is to secure their wi-fi connections. But even that isn't 100 percent foolproof as secure routers can be hacked.  (Source: Chronicle UK)
Homeowners arrested, held and gunpoint for neighbors' child pornography

It's a common practice that seems like generosity, but could lead to your home being invaded by federal agents.  Recent cases underscore the dangerous nature of having an unsecured Wi-Fi router.

I. A Rude Awakening

On March 7 at 6:30 a.m. a resident of Buffalo, New York received the scare of a lifetime.  With a thunderous crash his front door was broken, awaking the man and his wife.  Putting a robe on and rushing downstairs he saw federal agents wearing a strange acronym I-C-E (which he would later discover stood for U.S. Immigration and Customs Enforcement).

An ICE agent charged the stairs, hurling him down it, leaving him cut and bruised.  The man's lawyer, Barry Covert, recalls the agents screamed at him, "Get down! Get down on the ground!", to which the man screamed back, "Who are you? Who are you?"

Armed with assault weapons the agents began to hurl slurs at the injured suspect that gave him the first inclination of what was going on.  "Pedophile!" and "pornographer!" they screamed.

He dressed at gunpoint in the bathroom and was escorted to an interrogation room at a government facility.  Agents accused him of using the name "Doldrum" and downloading pornographic images.

The man was flabbergasted.

He recalls the agent grilling him, stating, "We know who you are! You downloaded thousands of images at 11:30 last night."

He recalls arguing, "No, I didn't. Somebody else could have but I didn't do anything like that."

Unconvinced an agent sneered at him, "You're a creep ... just admit it."

II.  You've Got the Wrong Man!

Only he wasn't a creep.  

After having his family's laptops, iPads, and iPhones seized, federal agents would later conclude that the man was right -- he had no stash of child porn.  However, they would later discover that his 25-year-old neighbor who was accessing the man's Wi-Fi was downloading explicit videos and images.

That neighbor, John Luchetti, was arrested March 17.  

The irony is that if police had conducted a more thorough initial investigation they likely would have had a far different encounter with the first man.  Mr. Luchetti was tracked down because "Doldrum" also accessed two internet protocol (IP) addresses at State University of New York at Buffalo using a secure token.  When the university revealed the student's identity, federal agents realized that the true "Doldrum" was a man living in an apartment complex very close to their original suspect.

To be fair, Mr. Luchetti himself has pleaded not guilty to the distribution of child pornography.

The case was a tough one because in theory the feds could have done everything right in gaining warranted entry in the original suspect's home.  The feds began their investigation on February 11 when they received peer-to-peer file transfers from "Doldrum" and grabbed the IP address.

They tracked the IP downloading the files to that address, thanks to cooperation from the internet service provider.  So in theory, the homeowner could have been the primary suspect.

On the other hand, as mentioned, "Doldrum" also connected from other IPs and a thorough investigation would have revealed that.  

U.S. Attorney William Hochul and Immigration and Customs Enforcement Special Agent in Charge Lev Kubiak reportedly have apologized to the homeowner.  

Amazingly, in today's era of "fast-food lawsuits" the homeowner is not suing the government.  He just wants to share his story with the media as a warning to other homeowners and to pressure federal agents to be more thorough in their searches.

III. Unsecured Wi-Fi: Not Uncommon

According to a study conducted by Wakefield Research on behalf of the Wi-Fi Alliance, approximately 32 percent of adults have used someone's unsecured Wi-Fi connection without their knowledge or permission.  The study, which polled 1,054 Americans age 18 and older, also estimates that America has 201 million Wi-Fi connections.  

Ironically 40 percent of people said they were more likely to give their house key to someone than their Wi-Fi key.  The admission illustrates the dichotomy between those with some knowledge of security and those who fail to understand the repercussions of leaving your virtual door open.

Some understand the risks and willing open their connections, though.

Rebecca Jeschke, a spokeswoman for the Electronic Frontier Foundation, a San Francisco-based nonprofit that takes on cyberspace civil liberties issues argues that people shouldn't be afraid to leave their networks unsecure.  In an interview with the Associate Press, she states, "I think it's convenient and polite to have an open Wi-Fi network.  Public Wi-Fi is for the common good and I'm happy to participate in that — and lots of people are."

Orin Kerr, a professor at George Washington University Law School, disagrees.  He states, "[Whether you're guilty of downloads on open networks] you look like the suspect."

He adds that accessing open networks without permission is a legal gray area today.  He explains, "The question is whether it's unauthorized access and so you have to say, 'Is an open wireless point implicitly authorizing users or not? We don't know.  The law prohibits unauthorized access and it's just not clear what's authorized with an open unsecured wireless."

The Federal government for its part argues that homeowners shouldn't leave their networks open.  The Computer Emergency Readiness Team -- a federal organization -- suggests users disable their networks from broadcasting their presence.  They also suggest that users change the default passwords (which are widely known) and keep their routers patched (to prevent exploits).  At the end of the day, though, many users won't have the knowledge and skills to follow through on such suggestions.

It's also important to consider that there are ways to break into most consumer "secured" network routers, as well.  Having password-protected encrypted traffic is no guarantee that your connection is completely safe from savvy cyber-miscreants.

However, it's perhaps best not to make things easy for abusers by leaving your connection wide open.  

Stories of bad experiences are mounting.  A Sarasota, Fla. man had a cybersquatter download tens of thousands of child porn images from his marina's network by boosting his signal using a potato chip can.  And in North Syracuse, N.Y. a man this spring was greeted by authorities who suspected he was downloading child porn.  It turned out it was his neighbor, who was arrested April 12.

Aside from law enforcement and child porn, thousands have received threats from the Recording Industry Association of America and other industry groups for infringed copyrighted materials that were downloaded over their connection.  Some of these individuals were forced into payouts totaling thousands of dollars.

The issue of open networks and how law enforcement should deal with them is an issue that seems certain to only grow as time passes.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

RE: Swat team for a this?
By therealnickdanger on 4/25/2011 11:26:32 AM , Rating: 2
That or a thermite reaction. haha

RE: Swat team for a this?
By heffeque on 4/25/2011 11:49:53 AM , Rating: 4
What I don't understand is why the police think that an IP address equals a person. Why is the owner of an internet connection he main subject? Why does the police think that only one person can access an internet connection? Don't they know that an internet connection can be shared and even open to anyone who passes near your wifi AP? Will they do the same to the Starbucks owner if some pedo downloads kiddy porn from his store?

IP is NOT what identifies a person even if that person uses a secured wifi network.

I'm shocked that the policemen didn't learn that years ago.

RE: Swat team for a this?
By ekv on 4/25/2011 8:02:34 PM , Rating: 1
umm, IIRC an IP does identify you according to DT.

RE: Swat team for a this?
By jconan on 4/26/2011 3:53:35 AM , Rating: 2
but not all ips are static. There is a limited number of ips, and typically those are pooled or shared aka dynamic ips. That's why it's impossible to host a site on dynamic ips.

RE: Swat team for a this?
By dsumanik on 4/26/2011 8:59:52 AM , Rating: 2
Actually even this is possible with the use of dynamic DNS Services(DDNS)

I had to set up a clients website and mail server in a remote location that was only connected via satellite uplink.....the satellite provider would not provide a static IP for them for some lame ass reason so DDNS was the only route... sure it can be prone to intermittent outages, but if you set all your polling rates on a tight schedule and time your IP refresh during non peak hours in the middle of the night, for the most part no one even knows unless something wierd like a power bump happens, and even then its temporary DNS routing problem, the mail just piles up and comes through all in one big gulp after heh.

RE: Swat team for a this?
By ekv on 4/26/2011 4:10:04 PM , Rating: 2
Nor is my IP static. However, if you're ISP simply reassigns you the same IP continually ....

Not hosting a site. However, if you torrent videos or pictures, as was the case with the OP, no?, then your IP can be tracked, and hence 'you.'

RE: Swat team for a this?
By BZDTemp on 5/24/2011 12:51:59 PM , Rating: 2
Not that it means one IP = one person, but ISP's will log what IP number is given to a specific account at a specific time. So and IP + time can normally tell what person/company is the main go to, but of course not if there is one or a thousand people using that IP adress.

RE: Swat team for a this?
By HrilL on 4/25/2011 8:32:04 PM , Rating: 2
Completely agree. NAT has been around for ages and as IPv4 is about maxed at this point its likely to be used more widely because making the switch to IPv6 is going to take a lot longer then you might expect.

"We are going to continue to work with them to make sure they understand the reality of the Internet.  A lot of these people don't have Ph.Ds, and they don't have a degree in computer science." -- RIM co-CEO Michael Lazaridis

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki