Announcement

Collapse
No announcement yet.

Evil Hackers hacking Wifi

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Evil Hackers hacking Wifi

    http://www.kait8.com/Global/story.asp?S=12440452

    "Change your passwords often and make them hard passwords," says Detective Ward, and if you change your password make sure to change it on the router and each computer. He also says to keep your network hidden. One of the best ways to keep someone from doing real damage with your WIFI is to have a good firewall, "There are some out here that you can actually get to, connect to, but you can't go anywhere once you connect.
    The utter idiocy of this article is astounding. Nothing about encryption, and the best way is to "hide" your network and to have a good firewall.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  • #2
    Re: Evil Hackers hacking Wifi

    Sounds like Detective Ward asked Barney Fife for his intel. I wonder how many of the technically uninformed readers in Jonesboro, AR are putting their "little blue box with blinking lights and antennas" under a shoe box in an attempt to hide it.

    Comment


    • #3
      Re: Evil Hackers hacking Wifi

      Originally posted by Article
      You could drive down any neighborhood, and be able to get access to free internet, but it is when individuals take it a step further that crosses the line.
      Oh, is that when it crosses the line? Good to know. This whole article is just face-smacking retarded. I wonder if the Jonesboro, Ar police department is taking this "security" information to heart with their own network.
      "You have cubed asscheeks?"... "Do you not?"

      Comment


      • #4
        Re: Evil Hackers hacking Wifi

        If i remember correctly (and I'm sure someone on here will correct me) An open access port = no expectation of privacy. To further that how can connecting to an open access port = "Be aware if someone is caught stealing the internet, they can be charged with a class a misdemeanor, and if any information is obtained it's a felony."

        I am also sick of people saying "Think like a hacker" its like saying "America Wants". It is a pointless sound bite that means nothing in reality. Blah this entire article screams ignorance and depresses me entirely.

        Also can someone explain to me what having Windows updates has to do with wireless network security. If an access port is left open and you didn't hide it under your bed... yeah.

        In United States v. Ahrndt, No. 08-cr-468 (D. Ore. Jan. 28, 2010), a federal trial court held that a child pornography suspect had no constitutionally protected privacy right in the files found on his personal computer, stored in a shared iTunes folder fed by a Limewire account, accessible by a neighbor who was piggybacking on his unsecured wireless network.]
        Originally posted by Ellen
        Do I wish we could all be like hexjunkie? Heck yes I do. :) That would rock.

        Comment


        • #5
          Re: Evil Hackers hacking Wifi

          Originally posted by hexjunkie View Post
          If i remember correctly (and I'm sure someone on here will correct me) An open access port = no expectation of privacy.
          pdf of case: http://pub.bna.com/eclr/08cr468_012810.pdf

          close. In the case you cite, an open access point reduces expectation of privacy. However, that case depends on the limewire/iTunes part as well.

          short answer:
          As a result of the ease and frequency with which people use others' wireless networks, I
          conclude that society recognizes a lower expectation of privacy in information broadcast via an
          unsecured wireless network router than in infonnation transmitted through a hardwired network
          or password-protected network. Society's recognition of a lower expectation of privacy in
          unsecured wireless networks, however, does not alone eliminate defendant's right to privacy
          under the Fourth Amendment. In order to hold that defendant had no right to privacy, it is also
          necessary to find that society would not recognize as reasonable an expectation of privacy in the
          contents of a shared iTunes library available for streaming on an unsecured wireless network.
          long answer:

          They first argue precedent - cordless phones have no expectation of privacy, because they can be trivially overheard (by other cordless phones, in some instances).
          The standard is - A person has to reasonably expect their information to be private, and society would have to agree that expectation is reasonable.

          Unlike a cordless phone, however, merely associating with another's wi-fi AP does not give one the other's private information. To actually obtain private information, a person either has to intentionally capture and decode the traffic (with something like wireshark), or obtain access to the computer over the network.
          Analogously - if someone leaves open the blinds in their living room, they have no expectation of privacy in that room. If they go back to their bedroom, though, where the blinds are closed, then they do.


          The second and important part in the previous case is the limewire/iTunes part. The defendant not only had an open AP that anyone could connect to, but his software (iTunes), broadcast to anyone else connected using iTunes that he had a shared folder of media, and what the contents of that folder were. Limewire, by default, adds its download folder to the iTunes share.


          In this particular case, no 'hacking' was done to search the defendants computer, initially. A neighbor's wifi failed, so her computer associated, (automatically) with the defendant's AP, "Belkin54G". when she opened up iTunes (a common, reasonable program to use), it reported a shared folder which was broadcast to her, "Dad's Limewire Tunes". Opening this folder revealed files with names indicative of child pornography.

          The defendant not only didn't secure their AP, they actively broadcast the contents of their computer to anyone on their network. If I murder someone in my living room, with the front blinds open, and someone else sees me - I can't expect privacy. This is the same thing.

          And The Moral of the Story Is
          know and understand the behavior of software you install on your computer! If necessary, configure it or uninstall it. The defendant was smarter than the average bear in the subject of computers, so even complete ignorance isn't an excuse.

          alternatively: software's defaults should not be for ease-of-use, but for privacy. That's debatable, though.
          edit: apparently the iTunes default is to 'not share'? I don't use iTunes, so I can't say with a certainty whether this is true, and whether it was true at the time of this case.

          and if you can't manage either of those two options, then don't download child pornography.
          Last edited by YenTheFirst; May 10, 2010, 11:17.
          It's not stupid, it's advanced.

          Comment


          • #6
            Re: Evil Hackers hacking Wifi

            I agree with your observations, and your point is well stated. My scenario involves and Open access point (the cordless phone example requires special exipment to collect the frequency or the same model phone, similar to using wireshark to gather clear text user name and passwords)

            What I am looking at is the standard person who leaves their open access port open and the Windows 7 defaults to share particular folders on a "Home" network.

            I do not believe that there are any expectations (or shouldn't be) on shared folders with an open wireless access point. I just can't find any cases studies that state either way.
            //hypothetical
            I know that from my appartment there are 12 open access points including my "Guest" network. On all access points aside from my "Guest" network there are shared folders easily accessable without any form of "Hack". In some of these folders are risque videos, pictures, documents, some of them even include financial data. I have taken the initiative to find each of the access point owners and have aided them in securing their data and educated the people on their shared folders and what they actually mean. At what point did I commit a felony? I would understand if I took that information and committed another type of crime such as identity theft or blackmail. I find it illogical that someone would state that me accessing an open access point constitutes any kind of crime at all.

            Continue it one step further and say the network is a "Free WiFi point at starbucks or mcdonalds. People on those networks connect and have shared folders open all the time with personal data, they also open corporate e-mail while their back is to a window out in the parking lot. If I were to sniff the traffic that is unencrypted (not likely but hay) what would be the difference from the technical looking over the shoulder and physically looking over the shoulder with binaculars from accross the street, or even standing in the parking lot?

            // end of hypothetical

            I am just wondering at what point do we [the courts] accept stupidity as an excuse for leaving all of this open and accessable.

            Long story short, an open access port is like leaving your front door open and unlocked. If you do you can't have the expectation that someone will not come in and walk out with all of your stuff. I am sorry but I suffer from the military mentality of if it is unlocked your stuff should be stolen because you are at fault.

            Sorry if I come off as slightly nieve its just I don't understand where the "Crime" exists in the article and I haven't been able to find a clear statute that dictates what is and is not accessable.

            I know under Terms of Service from a lot of ISP services that and open/ guest network is against the TOS. Violating TOS does not a crime make.
            Originally posted by Ellen
            Do I wish we could all be like hexjunkie? Heck yes I do. :) That would rock.

            Comment


            • #7
              Re: Evil Hackers hacking Wifi

              Originally posted by hexjunkie View Post

              Long story short, an open access port is like leaving your front door open and unlocked. If you do you can't have the expectation that someone will not come in and walk out with all of your stuff. I am sorry but I suffer from the military mentality of if it is unlocked your stuff should be stolen because you are at fault.
              The person walking into your home with an open front door is committing the crime of trespass, if they steal something then they've committed the crime of burglary. Plain and simple, same thing goes for someone trespassing upon an open access point.

              On another point, in certain states, if someone walks into your home, locked door or not, the homeowner can shoot and kill the person, and is protected under the law of the castle doctrine.

              You are basically blaming the victim, not the criminal.
              A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

              Comment


              • #8
                Re: Evil Hackers hacking Wifi

                Originally posted by streaker69 View Post
                The person walking into your home with an open front door is committing the crime of trespass, if they steal something then they've committed the crime of burglary. Plain and simple, same thing goes for someone trespassing upon an open access point.

                On another point, in certain states, if someone walks into your home, locked door or not, the homeowner can shoot and kill the person, and is protected under the law of the castle doctrine.

                You are basically blaming the victim, not the criminal.
                You are 100% correct in a legal stand point, thank you for clearing that up for me.

                In the hopes that I do not hijak the thread, perhaps I shouldn't ask this question..

                Why don't we blame the victim in situations such as these(at least partially)? Shouldn't some of this fall under "personal responsability"?

                If this is going to hijak the thread then please disregard and PM me so I can start a new thread.
                Last edited by hexjunkie; May 11, 2010, 10:17. Reason: added the at least partially
                Originally posted by Ellen
                Do I wish we could all be like hexjunkie? Heck yes I do. :) That would rock.

                Comment


                • #9
                  Re: Evil Hackers hacking Wifi

                  Originally posted by hexjunkie
                  What I am looking at is the standard person who leaves their open access port open and the Windows 7 defaults to share particular folders on a "Home" network.
                  I believe this would be identical to the open AP/iTunes case. it's just a different piece of software broadcasting the share.

                  Originally posted by hexjunkie
                  Long story short, an open access port is like leaving your front door open and unlocked. If you do you can't have the expectation that someone will not come in and walk out with all of your stuff.
                  Originally posted by streaker69
                  The person walking into your home with an open front door is committing the crime of trespass, if they steal something then they've committed the crime of burglary. Plain and simple, same thing goes for someone trespassing upon an open access point.
                  the whole 'expectation of privacy' thing in the previous case doesn't deal with crimes, it deals with what the police have to obtain a warrant to search for.

                  If I steal something, I've committed a crime, no matter how easy you may have made it. If I'm a policeman, and I find out you have child pornography on your computer by breaking your WPA2 protected wifi, without a warrant, it's an illegal search, and the evidence is inadmissible. However, if you've left your wifi so incredibly open that people could stumble upon the contents of your computer by accident, you can't cite 4th amendment protection when a warrant-less search obtains those contents and uses them against you.

                  as opposed to someone breaking into your house, the analogy is closer to leaving something out on the curb (as if garbage), or even in the middle of a park somewhere. If someone else were to take that thing, you'd be harder pressed to consider it theft. (depending on the exact circumstances, of course)
                  It's not stupid, it's advanced.

                  Comment


                  • #10
                    Re: Evil Hackers hacking Wifi

                    It is closer to an electrical outlet that has an extension cord that leads up to the edge of the property. You can see the power cable, know it is there, know it is available to anyone that wants to take it, but it isn't yours to take. Once you "reach-in" to steal service (transmit packets in non-passive mode back to an access point for Internet access) you are stealing service.

                    In both cases, a service is available but requires you to "reach across the property line" to take it, and the thing you are trying to take is a service.

                    Some have tried to apply rules on property lines and trees that provide fruit, since neighbors are often legally allowed to harvest any fruit hanging over their property. However, this is not the same for many reasons. First, a tree is not a service. Second, this example does not involve crossing the property line. When a person chooses to use someone else's access point, they are extending their virtual presence across property that is not theirs to access a service that is not theirs by transmitting "packets" or "frames" addressed to the access point not owned by them.

                    This is far different from passive observation. If you only receive broadcast messages from the access point that describe its name and supported encryption, but never transmit a reply, then you might have some legal defense available to you.

                    Disclaimer: The above is not legal advice: I am not a lawyer.

                    Comment


                    • #11
                      Re: Evil Hackers hacking Wifi

                      Originally posted by hexjunkie View Post

                      Why don't we blame the victim in situations such as these(at least partially)? Shouldn't some of this fall under "personal responsability"?
                      You are expecting every person to understand the technical aspects of every piece of technology that they purchase, which is of course impossible.
                      A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

                      Comment


                      • #12
                        Re: Evil Hackers hacking Wifi

                        Originally posted by streaker69 View Post
                        You are expecting every person to understand the technical aspects of every piece of technology that they purchase, which is of course impossible.
                        knowing every aspect is unreasonable, if not impossible. But, 'reasonable' people are expected, legally, to know certain basics: unprotected wifi is unprotected, shared folders are shared.

                        These basics are determined by what society at large can be expected to understand.

                        TheCotMan: I thought we were discussing privacy aspects, not theft of service?
                        It's not stupid, it's advanced.

                        Comment


                        • #13
                          Re: Evil Hackers hacking Wifi

                          Originally posted by YenTheFirst View Post
                          knowing every aspect is unreasonable, if not impossible. But, 'reasonable' people are expected, legally, to know certain basics: unprotected wifi is unprotected, shared folders are shared.

                          These basics are determined by what society at large can be expected to understand.

                          TheCotMan: I thought we were discussing privacy aspects, not theft of service?
                          I would contend that 'reasonable' people also know not to steal and trespass as well, whether a door or wifi is secured or not.
                          A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

                          Comment


                          • #14
                            Re: Evil Hackers hacking Wifi

                            Originally posted by YenTheFirst View Post
                            TheCotMan: I thought we were discussing privacy aspects, not theft of service?
                            It seems the conversation and topic changed. I've included a reference to your post:

                            Here is what I was replying to:
                            Originally posted by YenTheFirst View Post
                            If I steal something, I've committed a crime, no matter how easy you may have made it. If I'm a policeman, and I find out you have child pornography on your computer by breaking your WPA2 protected wifi, without a warrant, it's an illegal search, and the evidence is inadmissible. However, if you've left your wifi so incredibly open that people could stumble upon the contents of your computer by accident, you can't cite 4th amendment protection when a warrant-less search obtains those contents and uses them against you.

                            as opposed to someone breaking into your house, the analogy is closer to leaving something out on the curb (as if garbage), or even in the middle of a park somewhere. If someone else were to take that thing, you'd be harder pressed to consider it theft. (depending on the exact circumstances, of course)
                            Check further back, and you see discussion of stealing, "free Internet."

                            And here was my reply:
                            Originally posted by TheCotMan View Post
                            It is closer to an electrical outlet that has an extension cord that leads up to the edge of the property. You can see the power cable, know it is there, know it is available to anyone that wants to take it, but it isn't yours to take. Once you "reach-in" to steal service (transmit packets in non-passive mode back to an access point for Internet access) you are stealing service.

                            In both cases, a service is available but requires you to "reach across the property line" to take it, and the thing you are trying to take is a service.

                            Some have tried to apply rules on property lines and trees that provide fruit, since neighbors are often legally allowed to harvest any fruit hanging over their property. However, this is not the same for many reasons. First, a tree is not a service. Second, this example does not involve crossing the property line. When a person chooses to use someone else's access point, they are extending their virtual presence across property that is not theirs to access a service that is not theirs by transmitting "packets" or "frames" addressed to the access point not owned by them.

                            This is far different from passive observation. If you only receive broadcast messages from the access point that describe its name and supported encryption, but never transmit a reply, then you might have some legal defense available to you.

                            Disclaimer: The above is not legal advice: I am not a lawyer.
                            If you associate with their access point, you are actively taking part in their network, and the access point is providing access to Internet service, you are interfering with their service. If you run a tool to observe traffic to/from their access point to other peers, and you "copy" the payload of their traffic, you *are*, by demonstration, downloading content from the Internet to your computer. This would, in my opinion, still be theft of service.

                            If you never copy frames with payload as content from the Internet, and only passively copy frames that are from peers on their network to peers on their network, you might be able to argue that the service you were stealing was not Internet service, but I don't think a jury would agree, and attempts to convince them that "the line" between theft of Internet service doesn't count if you inspect (to filter out) but never copy payload to/from the Internet as not being theft of service.

                            As I see it, theft would be applied before privacy, as theft almost always has a criminal element, while privacy is more often a civil issue. Civil cases often wait to go to trial until after the criminal portion related to the civil case is concluded, as the outcome is often critical to any decision in a civil case.

                            Comment


                            • #15
                              Re: Evil Hackers hacking Wifi

                              Originally posted by YenTheFirst View Post
                              knowing every aspect is unreasonable, if not impossible. But, 'reasonable' people are expected, legally, to know certain basics: unprotected wifi is unprotected, shared folders are shared.

                              These basics are determined by what society at large can be expected to understand.
                              Those things may be basic for the likes of us, but they are *highly technical concepts* for the average user. Remember, society at large can't log into their PCs without three calls to the helpdesk to reset the password.

                              Originally posted by TheCotMan View Post
                              If you associate with their access point, you are actively taking part in their network, and the access point is providing access to Internet service, you are interfering with their service.
                              This has been decided numerous time in case law. Any unauthorized use of a WLAN (aka "'piggypacking") is illegal and that exact interpretation has resulted in convictions in at least a half dozen US states, several Canadian provinces, and the UK.

                              Originally posted by TheCotMan View Post
                              If you run a tool to observe traffic to/from their access point to other peers, and you "copy" the payload of their traffic, you *are*, by demonstration, downloading content from the Internet to your computer. This would, in my opinion, still be theft of service.
                              This hasn't been as clearly decided, yet. The current FCC regulations do allow for passive reception of any clear traffic. However, given the current trends in data protection and privacy, I expect that at some near time in the future, the rights of the owner of the data transmitted over RF will supersede the rights of the anyone passively capturing that same data.
                              Last edited by Thorn; May 11, 2010, 21:44.
                              Thorn
                              "If you can't be a good example, then you'll just have to be a horrible warning." - Catherine Aird

                              Comment

                              Working...
                              X