Jump to content
mortagen

Free internet... what's stopping me or you other than morals?

Recommended Posts

tThe onus of proof isn't on the innocent party to prove they are innocent. An open network with no illegal content on their PC would get them off - there is no proof they downloaded anything. It's the same if someone steals your car for a robbery. Your car at the scene makes you a suspect but on it's own it won't convict you.

Tell that to RIAA

http://www.afterdawn.com/news/archive/7280.cfm

Share this post


Link to post
Share on other sites

how does one prove that their network was broken in to?

logs...

 

 

Logs will show you that it has successfully authenticated, they won't show ARP Replay attacks, or brute force attacks using pcap dumps.

 

Logs will show that an unknown third party connected to the network.

 

They certainly can show brute force attack attempts, and you would not use an ARP replay attack to break into a secured network and browse websites.

 

how does one prove that their network was broken in to?

logs...

 

 

Logs will show you that it has successfully authenticated, they won't show ARP Replay attacks, or brute force attacks using pcap dumps.

 

The onus of proof isn't on the innocent party to prove they are innocent. An open network with no illegal content on their PC would get them off - there is no proof they downloaded anything. It's the same if someone steals your car for a robbery. Your car at the scene makes you a suspect but on it's own it won't convict you.

 

Nope. The lack of illegal content on the PC means nothing, it could have been stored anywhere.

 

What would help in their defence would be the logs showing a separate computer authenticating and joining the network.

 

The RIAA is not a court. Any idiot can sue anyone else for pretty much any stupid reason.

Yep. But since the RIAA courses are not dismissed, and are based on laws, and cases have been found in their favour, then it no longer becomes a stupid reason. Unfortunately.

Share this post


Link to post
Share on other sites

tThe onus of proof isn't on the innocent party to prove they are innocent. An open network with no illegal content on their PC would get them off - there is no proof they downloaded anything. It's the same if someone steals your car for a robbery. Your car at the scene makes you a suspect but on it's own it won't convict you.

Tell that to RIAA

http://www.afterdawn.com/news/archive/7280.cfm

 

Show me that they won the case and I'll believe you. In this case the onus of proof is on you ;)

 

Oh, and by the way, that case was dropped.

 

http://www.afterdawn.com/news/archive/14548.cfm

Edited by Mac Dude

Share this post


Link to post
Share on other sites

tThe onus of proof isn't on the innocent party to prove they are innocent. An open network with no illegal content on their PC would get them off - there is no proof they downloaded anything. It's the same if someone steals your car for a robbery. Your car at the scene makes you a suspect but on it's own it won't convict you.

Tell that to RIAA

http://www.afterdawn.com/news/archive/7280.cfm

 

Show me that they won the case and I'll believe you. In this case the onus of proof is on you ;)

 

Oh, and by the way, that case was dropped.

 

http://www.afterdawn.com/news/archive/14548.cfm

 

It certainly was not dropped. The afterdawn article mentions the RIAA was preparing to drop the case.

 

As can be seen in the URL I linked to, the open wifi defence did not hold up.

Edited by TheSecret

Share this post


Link to post
Share on other sites

It certainly was not dropped. The afterdawn article mentions the RIAA was preparing to drop the case.

 

As can be seen in the URL I linked to, the open wifi defence did not hold up.

Your link is to this. :

 

Wall of Text link, as requested!

 

can you point to the one that states the wifi defence didn't hold up?

 

The articles I read on the case showed that they were looking for PCs owned by the defendant(and her family) that contained illegal content, so it appeared the IP trace wasn't enough.

Edited by Mac Dude

Share this post


Link to post
Share on other sites

It certainly was not dropped. The afterdawn article mentions the RIAA was preparing to drop the case.

 

As can be seen in the URL I linked to, the open wifi defence did not hold up.

Your link is to this. :

 

snip

 

can you point to the one that states the wifi defence didn't hold up?

 

The articles I read on the case showed that they were looking for PCs owned by the defendant(and her family) that contained illegal content, so it appeared the IP trace wasn't enough.

 

I linked so as to avoid the wall of text. Well done.

 

There's this, as well as various other MediaSentry linked excerpts that show they were looking for(motion for discovery) external harddrives or other evidence of song downloading. This means that the open wifi defence was not sufficient in and of itself.

Share this post


Link to post
Share on other sites

I linked so as to avoid the wall of text. Well done.

 

There's this, as well as various other MediaSentry linked excerpts that show they were looking for(motion for discovery) external harddrives or other evidence of song downloading. This means that the open wifi defence was not sufficient in and of itself.

You linked to a wall of text and stated, "As can be seen in the URL I linked to, the open wifi defence did not hold up.". I couldn't find the reference to wifi there. Since you are now providing another link, can I safely assume that the original link does NOT provide any information showing that the wifi defence didn't hold up as you claimed?

 

I'd like to be clear on that link before we move on.

Share this post


Link to post
Share on other sites

I linked so as to avoid the wall of text. Well done.

 

There's this, as well as various other MediaSentry linked excerpts that show they were looking for(motion for discovery) external harddrives or other evidence of song downloading. This means that the open wifi defence was not sufficient in and of itself.

You linked to a wall of text and stated, "As can be seen in the URL I linked to, the open wifi defence did not hold up.". I couldn't find the reference to wifi there. Since you are now providing another link, can I safely assume that the original link does NOT provide any information showing that the wifi defence didn't hold up as you claimed?

 

I'd like to be clear on that link before we move on.

 

I linked to the index of legal document to show that:

 

1. The case was not dropped as you claimed, and

2. I had thought it was obvious with the fact that the case had been going on for so long, and they had investigated the defendants computers, that the open wifi defence had not held up.

 

There is no direct mention of wifi in either the titles of the documents in the index, or in the second document I linked to. Rather, I am asserting that since motions for discovery were approved for internal and external harddrives, that the defence did not hold up. If you disagree with this logic, I am sure it will be expressed in one of the documents, probably prior to one of the first few motion filings.

 

In any event, can you please remove the unnecessary wall of text, perhaps instead stating that I linked to a wall of text if you feel it necessary?

Edited by TheSecret

Share this post


Link to post
Share on other sites

I linked to the index of legal document to show that:

 

1. The case was not dropped as you claimed, and

2. I had thought it was obvious with the fact that the case had been going on for so long, and they had investigated the defendants computers, that the open wifi defence had not held up.

 

There is no direct mention of wifi in either the titles of the documents in the index, or in the second document I linked to. Rather, I am asserting that since motions for discovery were approved for internal and external harddrives, that the defence did not hold up. If you disagree with this logic, I am sure it will be expressed in one of the documents, probably prior to one of the first few motion filings.

 

In any event, can you please remove the unnecessary wall of text, perhaps instead stating that I linked to a wall of text if you feel it necessary?

Yep, the article I linked to didn't come to fruition and the case wasn't dropped.

 

On the open wifi defence, I disagree that it didn't hold up. Remember, I'm talking about the onus of proof being on those prosecuting the case. The reason they have to look for the PC hard drives is because the evidence linking illegal downloads to a wifi device wasn't enough to convict, i.e. that defence did hold up. So you can see, having an open wifi was not in itself enough to convict a person of illegal downloads even though they may have evidence pointing to illegal downloads from a specific wifi device.

 

So, because they could not convict on the IP trace alone, they have had to chase PCs and hard drives.

 

All I asked for was a case where someone was convicted because of their open wifi - this has not happened in this case.

 

EDIT : For clarity, what I'm saying is that if you have an open wifi and someone uses your network and downloads illegal content, you are not liable. In the case above, having an IP trace to a persons wifi router wasn't enough to convict. They need to have the illegal content on your hard drive.

Edited by Mac Dude

Share this post


Link to post
Share on other sites

They certainly can show brute force attack attempts, and you would not use an ARP replay attack to break into a secured network and browse websites.

One of the simplest ways of cracking WEP is an ARP Replay attack, it's done to gather tonnes of Weak IV packets. It's very effective and it doesn't show up on logs.

 

 

and you bruteforce against captured data, not against an Access Point.

 

Mac addresses don't mean shit, if I was connecting to someone elses network I'd be cloning the mac address of a connected device, just in case they had mac locking

and it's as simple as this

ifconfig eth0 hw ether 00:11:22:33:44:55

If i performed an ARP Replay attack on a network, with a spoofed MAC address then there's not much else that'd be a telltale sign that someone broke into the network.

Edited by Linux_Inside V2

Share this post


Link to post
Share on other sites

They certainly can show brute force attack attempts, and you would not use an ARP replay attack to break into a secured network and browse websites.

One of the simplest ways of cracking WEP is an ARP Replay attack, it's done to gather tonnes of Weak IV packets. It's very effective and it doesn't show up on logs.

Yep, sorry. I was thinking of arp poising for some reason. It doesn't apply to WPA/2 networks however, which is what a secured network would be using.

 

and you bruteforce against captured data, not against an Access Point.

Depending on the situation, you could certainly bruteforce the Access Point, but in general, yes, it would be against packets.

 

Mac addresses don't mean shit, if I was connecting to someone elses network I'd be cloning the mac address of a connected device, just in case they had mac locking

and it's as simple as this

ifconfig eth0 hw ether 00:11:22:33:44:55

If i performed an ARP Replay attack on a network, with a spoofed MAC address then there's not much else that'd be a telltale sign that someone broke into the network.

It's true, there is no inbuilt protection against an ARP replay attack. Using a cloned MAC for a period of time would be noticeable however.

 

If you managed to crack a WPA network, then there would also be logs of this, at least enough to provide reasonable doubt as to the guilt of the owner.

Share this post


Link to post
Share on other sites

If you managed to crack a WPA network, then there would also be logs of this, at least enough to provide reasonable doubt as to the guilt of the owner.

Using Deauth flooding would get enough data to crack the network, and the only thing that might possibly show up on the logs would be the computer constantly reconnecting, but you wouldn't have to bruteforce against the AP, and when you connected with a spoofed mac it wouldn't look any different.

 

The only problem i can see with spoofed MAC's are that it can lead to connectivity issues if you're accessing the net and so is the client machine you stole the MAC address from.

 

But I don't see how you'd have any hard evidence that someone broke into your network.

Share this post


Link to post
Share on other sites

If you managed to crack a WPA network, then there would also be logs of this, at least enough to provide reasonable doubt as to the guilt of the owner.

Using Deauth flooding would get enough data to crack the network, and the only thing that might possibly show up on the logs would be the computer constantly reconnecting, but you wouldn't have to bruteforce against the AP, and when you connected with a spoofed mac it wouldn't look any different.

 

The only problem i can see with spoofed MAC's are that it can lead to connectivity issues if you're accessing the net and so is the client machine you stole the MAC address from.

 

But I don't see how you'd have any hard evidence that someone broke into your network.

 

Connectivity issues are it. Especially if the client computer resets or something, and then maybe can't be assigned their leased IP address. Or what if a limited number of computers are allowed to connect at once, in conjunction with MAC filtering? If MAC filtering was set up, it is likely that the number of clients wouuld also be limited. Many routers also show the computer name, which would be an obvious giveaway.

 

All I said was that the logs should show enough of an anomaly to provide reasonable doubt, not to prove beyond a doubt that someone broke into your network. The connection problems you describe, being a symptom of an attack, and with a lack of evidence on a client computer, this would easily be enough to persuade a court. The level of evidence would depend entirely on the device, attack, level of logging etc.

 

If there is any logging done of websites visited at all, this information could also be used to find a stupid attacker. e.g. logging in with a certain email address.

Edited by TheSecret

Share this post


Link to post
Share on other sites

I linked to the index of legal document to show that:

 

1. The case was not dropped as you claimed, and

2. I had thought it was obvious with the fact that the case had been going on for so long, and they had investigated the defendants computers, that the open wifi defence had not held up.

 

There is no direct mention of wifi in either the titles of the documents in the index, or in the second document I linked to. Rather, I am asserting that since motions for discovery were approved for internal and external harddrives, that the defence did not hold up. If you disagree with this logic, I am sure it will be expressed in one of the documents, probably prior to one of the first few motion filings.

 

In any event, can you please remove the unnecessary wall of text, perhaps instead stating that I linked to a wall of text if you feel it necessary?

Yep, the article I linked to didn't come to fruition and the case wasn't dropped.

 

On the open wifi defence, I disagree that it didn't hold up. Remember, I'm talking about the onus of proof being on those prosecuting the case. The reason they have to look for the PC hard drives is because the evidence linking illegal downloads to a wifi device wasn't enough to convict, i.e. that defence did hold up. So you can see, having an open wifi was not in itself enough to convict a person of illegal downloads even though they may have evidence pointing to illegal downloads from a specific wifi device.

 

So, because they could not convict on the IP trace alone, they have had to chase PCs and hard drives.

 

All I asked for was a case where someone was convicted because of their open wifi - this has not happened in this case.

 

EDIT : For clarity, what I'm saying is that if you have an open wifi and someone uses your network and downloads illegal content, you are not liable. In the case above, having an IP trace to a persons wifi router wasn't enough to convict. They need to have the illegal content on your hard drive.

 

Many thanks for removing the wall of text :)

 

The IP trace was not sufficient to convict someone of downloading an illegal song. However, I find that this has little to do with the open wifi defence. Generally, a motion for discovery must be made, since the IP could have belonged to a previous person connected to the ISP, or the IP itself could be a proxy etc. The fact that they had to search harddrives does not lend support the the defence working.

 

Rather, the fact that they did not disregard the fact that the defend did not own a computer, and that the wifi network was open to anyone, would imply such a defence does not hold up. They still have to find incriminating evidence, but I don't see this as an example of the wifi defence working, but rather as the lack of incriminating evidence defence working. I have not heard of cases for people being convicted of a crime they did not commit, due to having an open wifi network, however as LIV2 points out, this could be hard to prove if done properly.

 

Currently, it would be the responsibility of the owner of the IP address to prove that they did not perform an illegal act traced back to their IP. I feel the car analogy fails a bit. The car can be out of the owners possession, and it can be easy to have an alibi for this reason. An IP address is not out of the owners possession as such, and it would be harder to prove. Certainly the open wifi defence is accepted in some countries as valid, but I am not sure of it's status in Australia or the US.

 

This case certainly rules against it.

Edited by TheSecret

Share this post


Link to post
Share on other sites

The IP trace was not sufficient to convict someone of downloading an illegal song. However, I find that this has little to do with the open wifi defence. Generally, a motion for discovery must be made, since the IP could have belonged to a previous person connected to the ISP, or the IP itself could be a proxy etc. The fact that they had to search harddrives does not lend support the the defence working.

 

Rather, the fact that they did not disregard the fact that the defend did not own a computer, and that the wifi network was open to anyone, would imply such a defence does not hold up. They still have to find incriminating evidence, but I don't see this as an example of the wifi defence working, but rather as the lack of incriminating evidence defence working. I have not heard of cases for people being convicted of a crime they did not commit, due to having an open wifi network, however as LIV2 points out, this could be hard to prove if done properly.

 

Currently, it would be the responsibility of the owner of the IP address to prove that they did not perform an illegal act traced back to their IP. I feel the car analogy fails a bit. The car can be out of the owners possession, and it can be easy to have an alibi for this reason. An IP address is not out of the owners possession as such, and it would be harder to prove. Certainly the open wifi defence is accepted in some countries as valid, but I am not sure of it's status in Australia or the US.

 

This case certainly rules against it.

That case is interesting, but again shows one thing - if someone does use your open wifi to download porn, it won't lead to your conviction. In the cases shown so far, what it does do is make you a suspect, and gives the cops (in the US) "probable cause". In the case you linked to, it was the porn found on the site that sealed the deal.

 

I am only arguing one point, and that is if someone does hack your network, or uses your open network to download illegal content, you wont be convicted of anything providing there isn't illegal stuff on your PC.

 

Thus, I don't believe "if you have WIFI and leave it unsecured, and someone downloads some illegal content it is you who will be liable" is correct. None of the cases linked to so far has shown the conviction of a person in such a case.

Share this post


Link to post
Share on other sites

That case is interesting, but again shows one thing - if someone does use your open wifi to download porn, it won't lead to your conviction. In the cases shown so far, what it does do is make you a suspect, and gives the cops (in the US) "probable cause". In the case you linked to, it was the porn found on the site that sealed the deal.

 

I am only arguing one point, and that is if someone does hack your network, or uses your open network to download illegal content, you wont be convicted of anything providing there isn't illegal stuff on your PC.

 

Thus, I don't believe "if you have WIFI and leave it unsecured, and someone downloads some illegal content it is you who will be liable" is correct. None of the cases linked to so far has shown the conviction of a person in such a case.

I am not aware of any case that shows someone either being convicted, or not convicted due to the possibility of an open wifi network.

 

The cd's seemed to have sealed the deal, at the same time ingoring that they could have belonged to the former roommate, the apprant owner of the yahoo account.

 

That case in the US has possibly set a precedent.

 

A relevant quote:

 

In particular, they didn't buy Perez's arguments that a "mere association between an IP address and a physical address is insufficient to establish probable cause" and that the officers' discovering that he had roommates should have led them to extend their search to cover them.

 

"In this case it is clear that there was a substantial basis to conclude that evidence of criminal activity would be found at 7608 Scenic Brook Drive," wrote the Court. "[T]hough it was possible that the transmissions originated outside of the residence to which the IP address was assigned, it remained likely that the source of the transmissions was inside that residence."

Given the cases so far, I think it is very likely(At least in the US), that an IP could be enough to secure a conviction, despite a lack of illegal content. Especially in a case where someone is using encryption or has recently deleted file. There have been many cases where either of those actions have worked against a defendant. If nothing else, the case shows that the association between an IP and a physical address is reason enough to establish probable cause.

Share this post


Link to post
Share on other sites

It's people who hack open wireless networks that cause the general public to have to secure their networks in the first place. So... I would have to agree with The Fuzz. It's wrong, if you are immoral enough to do it then go ahead, but i would laugh like hell if the person you hack becomes a cop and arrests you oneday and locks you in a cell with someone named bigbubba...

Share this post


Link to post
Share on other sites

OK, I just want to clarify a few things.

 

When this thread delved into a flame war between myself and Mac Dude, this was due to a misunderstanding. Namely that Mac Dude was talking about v1 of the device, while I was talking about v3 of the device and up. We are both correct with respect to the different versions. v1 of the device contains no mention of security in the quick setup, and you cannon escape security as a step while setting up v3 or higher of the device.

 

As such, I would like to offer Mac Dude an apology for accusing him of lying and misrepresentation. I would also hope it is apparent that I was not deliberately trying to misrepresent what Mac Dude was saying, or lying about his points.

 

The misunderstanding was due to the fact that I gave a timeframe with my argument, which v1 falls out of, being almost 10 years old. Now, my argument has an exception to routers that old, explicitly stating it does not apply to these situations, as well as limiting them from being included in the first place. As such, v1 of the device never should have made it into the argument in the first place. The other 2 routers, and v3 and up of the device each support my point.

 

As such, my argument still stands and has been shown to be true. There is no router purchased in the last few years(2005+ at least) that will have an unsecured wireless network by default. Examples of popular routers as exceptions to this rule would be welcome.

 

Even if this was not the case, there are warnings from several other sources making it all but impossible to understand the consequences of not enabling security. Any router purchased in the last few years offering wifi as open must have deliberately dismissed or disabled any security options for the device, implying the connection is free for use.

Edited by TheSecret

Share this post


Link to post
Share on other sites

My brand new RTA1025W (as in bought this month) had Wifi enabled and completely unsecured.

Share this post


Link to post
Share on other sites

Huh.

 

Well, yep, exceptions to every rule..in this case the exception is a small New Zealand company.

 

Routers from D-Link, Belkin, Netgear, Linksys etc all seem to have security as a default or necessary step, and surely that would be most routers sold these days?

 

Even if not, the router is hardly the only place security would be raised as an issue.

Share this post


Link to post
Share on other sites

I have contemplated it, but it's not worth it.

Your data is viewable by other hosts on the router and you may lose your internet at anytime.... =\

Share this post


Link to post
Share on other sites

I have to be honest, Telstra fucked me round for 3 weeks getting my adsl connected at the local exchange (im in Tauranga in NZ) so i just 'borrowed' my neighbours unsecured internet when i really needed to access email etc but yes anyone with morals knows actively hooking into an unsecured network (a neighbours especially) to avoid using their own bandwidth needs a sharp smack with the karma stick.

 

I had a friend though who's windows pc and router were not configured correctly and ended up using his neighbours wireless for 6 months before anyone realised what was going on, he simply thought his isp was retarded and wasn't billing him for his extensive usage.

Meanwhile his neighbours were paying $12.95 for every 10gigs of data, he eventually changed his plan from unlimited down and 128kb/s up to max up and down to take advantage of the situation, then complained endlessly to his isp when he still couldn't get above 128kb/s up, cue technician being sent out and discovering what was going on, thankfully for my friend his neighbours were very understanding and didn't want reimbursement.

I was sad though, his place was my number one torrent and steam update friend.

 

 

Damn speeling

Edited by TheGrEaVeR

Share this post


Link to post
Share on other sites

First off, hi to all the participants of this thread so far, has made for some interesting reading.

 

In reading the above threads i've noted a number of people have made reference to using unsecured wifi networks only when 'necessary', i.e. trying to find directions, checking email etc.

 

Now I realise that if you are lost in an unfamilar neighbourhood it can be frustrating, but imo, it wouldn't be 'necessary' to access someone's unsecured wifi. Just find a store/petrol station and ask for directions/street maps. Or use your phone if you've got one.

 

As for emails, the only necessary emails would be work related, in that case, go to an internet cafe.

 

If you can't be bothered doing either, than it's arguable that whatever you need to access is not really 'necessary'.

 

Secondly, how is it not wrong to access someone's wifi, unsecured or not, without their permission?

 

I don't see how ignorance or even deliberate negligence in not setting their security is an issue. Even if a user repeatedly clicked cancel on a massive red warning telling them they should set a password, I don't see how that would weigh in on this matter. Their ignorance/negligence means nothing, the fact is, you are using someone else's resources without their permission.

 

edit: found an old BBC article on this issue here even Oxford philosophers have weighed in on the debate!

Edited by Malkieri

Share this post


Link to post
Share on other sites

Come on now malkieri.

 

Even if a user repeatedly clicked cancel on a massive red warning telling them they should set a password, I don't see how that would weigh in on this matter.

How does that not weigh in?

 

Yes, the people taking advantage of the situation are too blame, but if a user clicks no on a massive red warning then they are presumably aware of the consequences. Or, even if that's not the case, if I understand your argument correctly, it's wrong to use it even if they were 10% aware of the consequences. That's just rubbish.

 

If I go and leave a soccerball in the middle of a park, and come back to see people playing with it, are the people playing with it in the wrong because they should have known not to touch it, despite it being deliberately being made publicly available? Perhaps, in a perfect world, which is pretty far from ours, where common sense tends play a part.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×