Wireless "piggybacking" *IS* illegal

Finally, a case has been decided on the issue of piggybacking on somebody
else's wireless internet connection.

Although he has been found guilty under sections 125/126 of the
Communications Act 2003, not under the Computer misuse Act, as I have
always expected.

<http://news.bbc.co.uk/1/hi/technology/4721723.stm>
<http://www.techspot.com/news/18128-Man-convicted-of-hacking-wireless-network.html>
<http://www.webuser.co.uk/news/news.php?id=66432>
<http://www.pocket-lint.co.uk/news.php?newsId=1431>

--
Alex Heney
Global Villager
A neat desk is a sign of a sick mind.
To reply by email, my address is alexATheneyDOTPLUSDOTcom

"Alex Heney" <(E-Mail Removed)> trolled...
> Finally, a case has been decided on the issue of piggybacking on somebody
> else's wireless internet connection.

Not how I read it!
His connection was unwelcome, and (from the apparant history) it appears
that he was aware of this.

Not the same as using a pseudo 'hot-spot' that someone has kindly left open!

- Mike

In article <10knkuyzlwd53.mwoc9tqkntp1$.(E-Mail Removed)>, (E-Mail Removed)
says...

> Finally, a case has been decided on the issue of piggybacking on somebody
> else's wireless internet connection.
>
> Although he has been found guilty under sections 125/126 of the
> Communications Act 2003, not under the Computer misuse Act, as I have
> always expected.

The former act was only used because they couldn't prove he had accessed
another computer to prosecute him under the latter.

Your "expectation" is a little 'self-important', or did you have access
to any of the legal argument taking place, or, as no previous legal
precedent had been set in such a circumstance, precise knowledge of what
crime he'd allegedly committed and therefore that for which he could or
couldn't be prosecuted for?

On Thu, 28 Jul 2005 10:25:11 +0000 (UTC), Mike H in message
<news:dcabq7$r3$(E-Mail Removed)> wrote:

> "Alex Heney" <(E-Mail Removed)> trolled...
>> Finally, a case has been decided on the issue of piggybacking on somebody
>> else's wireless internet connection.
>
> Not how I read it!
> His connection was unwelcome, and (from the apparant history) it appears
> that he was aware of this.
>
> Not the same as using a pseudo 'hot-spot' that someone has kindly left open!
>

That is exactly what he was doing.

--
Alex Heney
Global Villager
Microsoft - We put the "backwards" into backwards compatibility.
To reply by email, my address is alexATheneyDOTPLUSDOTcom

On Thu, 28 Jul 2005 11:49:26 +0100, ComPCs in message
<news:(E-Mail Removed) et> wrote:

> In article <10knkuyzlwd53.mwoc9tqkntp1$.(E-Mail Removed)>, (E-Mail Removed)
> says...
>
>> Finally, a case has been decided on the issue of piggybacking on somebody
>> else's wireless internet connection.
>>
>> Although he has been found guilty under sections 125/126 of the
>> Communications Act 2003, not under the Computer misuse Act, as I have
>> always expected.
>
> The former act was only used because they couldn't prove he had accessed
> another computer to prosecute him under the latter.
>
> Your "expectation" is a little 'self-important', or did you have access
> to any of the legal argument taking place, or, as no previous legal
> precedent had been set in such a circumstance, precise knowledge of what
> crime he'd allegedly committed and therefore that for which he could or
> couldn't be prosecuted for?

Nothing "self important" about it at all.

It is just that there have been a number of previous arguments on here and
other groups regarding the legality of doing that, and I have always argued
that it would be illegal under the CMA.

So I was just remarking that he had been done under a different act to the
one I have always argued for.

--
Alex Heney
Global Villager
All computers wait at the same speed.
To reply by email, my address is alexATheneyDOTPLUSDOTcom

"Alex Heney" <(E-Mail Removed)> wrote in message
news:10knkuyzlwd53.mwoc9tqkntp1$.(E-Mail Removed)...
> Finally, a case has been decided on the issue of piggybacking on somebody
> else's wireless internet connection.

Interesting story, but the fact of the matter is that this guy had been
doing it for 3 months!!!! I think I would be suspicious of someone parked
up out side my house with a laptop regularly for 3 months, wouldn't you?
I'd question any car that parked outside my property, and regularly do just
that. Whoever the network belonged to must have been either *very* slow to
realise that this chap was using their network to access the internet, or
they were very cunning and planned to snare him into the situation he ended
up in. Either way, the hacker was playing a dodgy game doing it so openly
for such a long period of time. He was almost asking to be caught, wasn't
he?

In contrast to the above, I'm sure there are plenty of other instances where
WiFi hacking goes on, but not for anywhere near the time that the above case
experienced. Short hacking periods, are less likely to result in a court
appearance, as they are much more difficult to prove in the first place. And
what about a genuine WiFi user who is travelling down the road and
inadvertantly connects to a WiFi network by mistake? He may well be as
unaware of the fact that he has connected (unlawfully to someone network),
just as much as the owner of a WiFi access point may be unware that he's in
there!.This makes for a very difficult case, and who is to blame? The
network owner for not locking the door, or the unaware traveller for not
realising his computer has logged in. I would square the blame clearly on
the network owner, but it seems the law does not follow suit (no surprise
there then).

I think its probably time for the manufacturers of WiFi equpment to start
pushing the security side of things *much* more! Perhaps enabling security
as a default and sticking a label on each unit with the pre-set encryption
key in use, and clearly explaining in the manual, the consequences of
leaving the network 'open' without encryption and security. If people are
not aware of the consequences, then they are not likely to worry about them.
It is also likely that if a key was installed by the manufacturer, then the
WiFi point would remain secure in use. Its not likely that someone would
remove the key if the paperwork explained its importance to security.

I have, from the day I approached the WiFi scene, been very security
conscious. I run a wireless network, and I also keep logs of all
connections and all attempted connections, I also have a system in place
that alerts me by email and SMS, if an unauthorised user tries to connect to
my network. I run WPA-PSK as standard security with a very long random key.
And if that's not enough, I then force any authorised users who have got in
this far to connect via a proxy server (which is the only way onto the
internet) which requests that they can only connect with a unique fixed IP
address, a matching MAC address and matching username and password. If all
these criteria are not matched, they get an UNAUTHORISED message, and they
are OUT! Further to this, I also log *all* internet and email activity of
every user, DHCP is disabled, my network uses a less than common IP address
range, SSID broadcasts are off and I have blocked the use of any other IP
addresses except the ones reserved for genuine users. I have also disabled
windows file and printer sharing on the network, and use a specific software
package to gain access to files on other computers on the network, which
again requires a password and username to log in. Now if that isn't secure,
I don't know what is! Its certainly going to stop any casual hacker from
dropping in for a browse around the net without my permission!

Security is very important in my book, and I still think 'in my opinion'
that the network owner should be responsible *entirely* for the security of
their network. If the door is wide open, then its obvious that someone might
just walk in.

Bim

In article <o92xm1gvmu9z$.140zujqxwlbip$.(E-Mail Removed)>, me8
@privacy.net says...


> It is just that there have been a number of previous arguments on here and
> other groups regarding the legality of doing that, and I have always argued
> that it would be illegal under the CMA.

I see, so, your comments were *not* that you always expected him to be
convicted under the Communications Act 2003, but that you had expected
him to be convicted under the Computer misuse Act?

In a 'nutshell', and not meant as a criticism, you were admitting, if
you like, that you were wrong because you thought the CMA applied, which
it seems, didn't?

> So I was just remarking that he had been done under a different act to the
> one I have always argued for.

Not quite how I read your original post, and subsequently, i withdraw my
comments suggesting you were being 'conceited'.

Apologies for any offence caused.

In an earlier contribution to this discussion,
Bim <(E-Mail Removed)> wrote:

>
> Security is very important in my book, and I still think 'in my
> opinion' that the network owner should be responsible *entirely* for
> the security of their network. If the door is wide open, then its
> obvious that someone might just walk in.
>

I agree with you in principle - but the fact that wireless kits are being
sold on a plug'n play basis means that it's all too easy to create a
wireless network with a minimum of configuration, and be completely
oblivious of the security implications. Manufacturers *have* to make the kit
easy to install if they want to sell vast quantities of the stuff - and
often provide few or no health warnings about security.

I'm not sure how best to combat this. Maybe manufacturers of wireless kit
should be forced to design the firmware in such a way that it will only run
for a very short time (say one hour) without various security features being
enabled.
--
Cheers,
Tim
______
Please reply to newsgroup. Reply address is invalid.

"Alex Heney" <(E-Mail Removed)> wrote
> > Not the same as using a pseudo 'hot-spot' that someone has kindly left
open!

> That is exactly what he was doing.

You seem confident of this, but I'm not so sure as I don't see anything to
support it.

For the 'hacked' party to go through all this litigation, but not to place
even a token access limitation in place (thus making it clear that public
connections are unwelcome) seems to me to be very far fetched!

You *MAY* be right, but I don't see anything to support this, and
commonsense would suggest otherwise.

- Mike
PS Reading the Act, it seems that if he had offered to pay then no offence
would have been committed!

On Thu, 28 Jul 2005 13:11:57 +0100, ComPCs in message
<news:(E-Mail Removed) et> wrote:

> In article <o92xm1gvmu9z$.140zujqxwlbip$.(E-Mail Removed)>, me8
> @privacy.net says...
>
>
>> It is just that there have been a number of previous arguments on here and
>> other groups regarding the legality of doing that, and I have always argued
>> that it would be illegal under the CMA.
>
> I see, so, your comments were *not* that you always expected him to be
> convicted under the Communications Act 2003, but that you had expected
> him to be convicted under the Computer misuse Act?
>
> In a 'nutshell', and not meant as a criticism, you were admitting, if
> you like, that you were wrong because you thought the CMA applied, which
> it seems, didn't?
>

Pretty well, yes.

I still think the CMA could apply, but it looks likely that the CPS
disagree with me, or they would have charged him under that as well.

And they are the experts in law (supposedly).


>> So I was just remarking that he had been done under a different act to the
>> one I have always argued for.
>
> Not quite how I read your original post, and subsequently, i withdraw my
> comments suggesting you were being 'conceited'.
>
> Apologies for any offence caused.

Thank you.

No offence taken.

--
Alex Heney
Global Villager
Growing old is mandatory; growing up is optional!!
To reply by email, my address is alexATheneyDOTPLUSDOTcom