Man Charged With Stealing Wi-Fi Signal

topic posted Wed, July 6, 2005 - 8:01 PM by  Jon


This came up the other day while talking with friends. I honestly didn't know it was against the law. Could this be a Florida only law or is it a federal one.
posted by:
offline Jon
SF Bay Area
  • Unsu...
    I believe it falls under state law... The only federal law I'm aware of that might deal with unauthorized use is the Computer Fraud & Abuse Act, which primarily covers computers dealing with financial, government, or interstate commerce data. Most states have unauthorized use laws though.
    There's a decent reference at
    It's usually not something you'll get slapped with, except this guy was doing it in a sort of creepy stalker-esque manner by camping in front of someone's house and acting guilty when someone noticed him. The only other times I've heard of people getting hit with similar laws are when they used a business' unsecured WiFi connection and actually stole data, interrupted service, or caused damage to the systems. If you're unobtrusively using the service, most people don't mind and even fewer people actually notice.
    • Its electronic Trespass. Same charge you get if you hack/access someones network remotely and they cant find another charge to stick you with.

      They've prosecuted several people in the San Francisco Bay Area for this. People find a hot spot and then camp out in their car in public property adjacent to an organization with weak or unprotected wi-fi. (After the arrests of people in the parking lots and ladder wells, they tried to get smart by staying off the property.) But unauthorized use or access is still electronic trespass.

      In fact, i think it was 2 years ago at the DefCon or RSA security conference in SF, as they do every year, one of the lecturers takes off in the middle of the day with his laptop and gps and sees how many unprotected networks he can locate in the Finance District in one hour. Then comes back and uses this data to underscore his presentation. Well the authorities ended up bringing him up on charges for Electronic Trespass and Evesdropping...
      • In my opinion it is great that they are starting to crack down on this.

        While I run wireless at home it is secured by only allowing listed MAC addresses, WEP Key and I do not broadcast my SSID. But in our neighborhood alone there are seven wireless routers that are transmitting and unsecure.

        Just because it is there does not mean that you should use/touch it. Regardless of how easy it is you are not paying for it, you do not have permission to use it and taking advantage of other people's stupidity for your own personal gain is unethical.

        I think there should be stricter laws with harsher penalties for anything of this nature. Personally I am sick of the script kiddies and hackers. I am tired of the high school and college geeks/phreaks that have nothing better to do than fuck with someone else's resources. Smack their asses and take away their use of computers for a decent probationary period. Repeat offenders send them off to become Bubba's bitch in the big house.
        • ah, come on now. you are mixing your problems a bit, at the least. someone using an open access point has very little to do with "script kiddies and hackers"

          to rehash a discussion from elsewhere, imagine that someone puts up a sign saying "free kegger down the block" (essid broadcast) and you walk down the street and find an open gate (no wep encryption) and a guy sitting by the keg that hands you a glass and then fills it up for you (dhcp). would you then expect to be arrested for tresspassing? if it's stupidity on the part of the party thrower (access point owner) the extention of the analogy would be, "... well shit man, don't throw a keg party if you don't want people to show up."

          after about the sixth time you car gets stolen because you don't know how to lock the door, it's still going to be illegal, but the cops will get pretty damn tired of seeing your face, ya know?

          > advantage of other people's stupidity for your own personal gain is unethical.

          wait - i thought that's what drove free market enterprise.... boy have i been duped!
          • When you have to seek justification for something you know is wrong and taking advantage of those without the technical knowledge to properly configure their equipment it sounds more like you are trying to convince yourself its ok to do what you know its not.

            But using your own examples... You set up a WiFi network in your house, you think you are smart and disable essid broadcast. But you set your ESSID to your last name which is on a placard on the street. Or your neighbors kids bedroom over looks your computer room so he can see the access point (trial and error time). Sniffs your WEP access information and then some more trial and error with IP address ranges (few change them from the default even if DHCP is on. And most use a varied range, just one of the base 10.0.0.x, 192.168.0.x (or 1.x), or 90.0.0.x. So it doesnt take long to figure out the right ip address. And there are many DNS servers that will respond to anyone, not just those on that isp. So boom they are now surfing on your connection.

            No big you say... You dont care if they can or do access your computer, you dont keep anything of value on it.

            Ah, but they now have a safe point to launch an attack on another site. They can try to hack into a site, and if they screw up, no big. Just turn off their wireless card or get a new one when they see the cops outside your door.

            Boom, YOU just got busted and arrested for their illegal activities because it was all traced back to you.

            So back to your anology, that guy that threw that kegger and just handed you the cup... Contributing to the delinquency of a minor... Going to jail because he didnt check your ID first. Or if over the age, you leave the party and get into a car accident and die, your family and anyone else in that accident can sue him for not cutting you off in time and he faces criminal negligence charges. Happens all the time...

            Its one thing to use your skills to better yourself, its entirely different to take advantage of someone elses lack of skill and leave them to pay the consequences...

            Thats where all the electronic trespass laws came from. Thats why police crack down and patrol parking lots of companys known to have lots of wireless access.

            People sitting in the Intel stairways and parking lots are not hacking Intel, but were using Intels network to launch attacks, DOS, Probes, etc from the Intel networks to other targets masking themselves. Thats why the laws and patrols are in effect.
            • whatever. as per the law, if you circumvent protection on a network, you've cracked it and are illegal. if not, you haven't. should be that simple.

              my favorite access point comment is from someone in cole vally that i set a friends laptop up to use - open network, with the ap comment set to "xxxx cole st. bring beer" - now that's more in the spirit of things ;)

              and so, by your logic, don't use computers and don't throw keg parties?. simple enough...

              what's the indemity of municipal wi-fi to illegal activity? what's the coverage for cafes? should be the same for any access point open to the public? (in ref to your liability analogy to the keg guy).

              god damn i feel more and more like a libritarian every day.
            • How are they, just wondering is all, going to pin you w/ anything when none of your hardware has the correct MAC addr of the SRC machine that launched the attack? It's gotta come up somewhere that Mr. Homeowners machine has the wrong addy.
              The AP owner then might have to face charges of not securing the AP and get into trouble? Is that what the authorities do I wonder?

              Thats where AP owners should hire consultants to secure everything for them! Geeks keep working and AP owners are secure. If they don't want to pay for services and try the PnP "do it yoursel" route they get whats coming to them. Do we buy cars and think to do all the maint. ourselves knowing we aren't (for the most part) mechanics? When I do my brakes and forget to bleed them I expect to crash. When someone buys a piece of tech and has no idea of how it works maybe they should either read the book or hire someone to configure it. Alas there are so many resentful cheapskates who liken computers to TV's and expect it all to "just work".

              and WEP? that's secure? but I digress.
              • Most home gateways are NAT connections and strip off your MAC address anyways. All the authorities see is the MAC address and IP address on the Router/Gateway device.

                Thus, you are guilty be default. It can cost thousands in legal fees to prove your innocence.
                • again, what's the indemity of municipal wi-fi to illegal activity? what's the coverage for cafes? should be the same for any access point open to the public?
                  • This is the maximum depth. Additional responses will not be threaded.
                    All Municipal networks I have seen and most cafe's require you to have some sort of account with them or atleast payment history. Ie, you walk in and swipe your credit/atm card to buy 30 minutes... Even if you dont fill out other paper work, they have you. The invoice is tied to the workstation they assign you, or is atleast time stamped, helps the authorities narrow down the time span to search through...

                    Most Municpal services require you to atleast register. Some of the cities that provide free access for its populace assign access accounts to the residents... But those are going to be rarer yet considering the big boy ISP's have won several injunction lawsuits to stop the government for competing with free service in their business areas...

                    You goto the Airport or to Starbucks, you give your credit card information to buy air time... There is nearly always a trail back to you. One of the great and bad things about computers and the information age is everything is now tied into everything else.

                    Of course you could counter with the stolen credit card to buy the air time, but thats a completely different can of worms not related to this discussion.

                    Regardless of any personal feelings on the laws, they are there... If you want a more in depth discussion on it, you'll need to call up a lawyer that handles IT stuff. This here is the limit of my knowledge on the issue.

                    I've learned this through reading the various news outlets, attending several technology security events where they have brought in specialist lawyers to brief us and explain the laws and the loopholes... (Sadly the way the lawyers told us, the loopholes actually benifit the feds, not joe civillian... ie, if they cant nail you with anything else, they hit you with Electronic Tresspass, one of the charges they hit Kevin Mcknick with (yeah i know i misspelled his name...)) and from dealing with the investigations from both sides... For the military tracing someone down, then later trying to prove one of my client companys innocence after one of their employees had setup his own wireless lan in the office without telling anyone... It cost my client $35k in lawyer fees and 4 months to get the case dropped...
                • got me with that one (I forgot about every NIC having it's own MAC id, oooops :).

                  I stll believe if nothing is harmed and someone isn't downloading the .iso from hell it's not a biggie. My wireless network is wide open. I secure my machines as well as I can and call it good. I also tell my neighbors about it. funny thing is I am somewhat paranoid but o.k. w/ sharing wireless. Depends on where you are at as well though.

                  Someday I'll even get a business account from the bastards at comcast and set up a personal telco node but there I go digressing again.
            • Unsu...
              That's the point, it's not clear that it's wrong, so you can't say "you know it is wrong."

              If the person borrowing the connection for innocuous purposes you'd be hard pressed to come up with a good argument that it is unethical (assuming they don't slow the connection up, which it is unlikely it would slow it up signigicantly). I'd like to see an attempt at such an argument.

              There is a difference between something being against the law and it's ethical status. Some things that are perfectly legal are unethical and some things that are against the law are unethical, but some illegal things are perfectly ethical (like selling pot or mushrooms or LSD to a consenting adult, or borrowing space for something legal--it might be unethical to put someone at risk for coming under suspicion for doing something illegal whether or not that thing is ethical.).
              • Unsu...
                Oh, and because there is a potential for using a open network unethically (i.e putting the person under suspicion for something illegal that the person borrowing the connection did) does not mean that someone borrowing the network to write a love email to their girlfriend is unethical. That would be like saying that a person who buys a kitchen knife is unethical because the potential that it can be used to murder somebody.
                • No, it really wouldn't. These two scenarios are not at all related. You're comparing an action taken with a potential for action. Sure you could use the knife to kill someone, or skin a cat, or slash a tire, but you could also use it to slice up some carrots. Either way, you've still taken an individual's resources without permission.

                  I'm not saying I wouldn't do it given some circumstances, I'm just saying this is a terrible and pointless argument, because we all know no one is going to change their point of view on this.
        • > taking advantage of other people's stupidity for your own personal gain is unethical.

          If I tried really hard, I could list about 100 major corporations that are in business on exactly this principle.

          Starting with AOL.

          Those of you in any sort of tech support know what I'm talking about.

        • Unsu...
          If your using it for innocuos reasons, like dealing drugs (unless it's like crack or something) or checking your email, and as long as your not slowing someone down I think you'd be hard pressed to come up with a good argument why it is unethical. Sometimes if your on the road and you need to check directions or remember you have to email someone ASAP, it might be convenient to pull off and drive through a neighborhood to find and open network. Seriously who would you be hurting? (your not going to be slowing them down.)

          Why would you be "glad" someone was arrested for probably doing just this? Your just saying that because you've never had the occasion. But I find it hard to believe that if your, or anyone, found it convenient and necessary to connect to an open network for a little while to retrieve some needed information you wouldn't have a compunction about it if you knew it wouldn't put anyone at an inconvenience.
          • Unsu...
            Besides, I'm sure there are a signigicant number of people with open networks who don't bother to secure it not because they are stupid but because they don't mind sharing (and don't mind the small risk that they might come under initial suspicion for doing something illegal.) What about these people?

            As a matter of fact if there are a significant number of people who feel this way , which there probably are considering the number of people I've heard about wanting to set up a wide-coverage community Wi-Fi system (like Half-Moon Bay has), then having an open network might be considered as a tacit invitation to use the system.
            • How about this for a twist... Many ISP have bandwidth limits...

              So you go to check your email and its not working. And you call the ISP and they tell you that you are over your limit... Huh? all I do is check stock reports and get Viagra email...

              Or worse you get your monthly bill and expect a $50 charge and get a $200 bill because of overage fees. (I have seen both happen)

              In both cases other people using your connection without your knowledge or consent is still theft and you are forced to pay for it.

              You are likening your arguements to someone buying a six-pack of beer and saying its ok if you snag one while he isnt looking because he still has 5 left...

              From Websters:
              Main Entry: theft
              Pronunciation: 'theft
              Function: noun
              Etymology: Middle English thiefthe, from Old English thIefth; akin to Old English thEof thief
              1 a : the act of stealing; specifically : the felonious taking and removing of personal property with intent to deprive the rightful owner of it b : an unlawful taking (as by embezzlement or burglary) of property
              2 obsolete : something stolen
              3 : a stolen base in baseball

              By using someone elses connection without permission, you are in fact stealing by definition. You are using their allotted bandwidth thus depriving them of the full speed and potenially depriving them of their monthly allotted bandwith usage.

              You in turn are not giving them anything in trade while they are unknowningly paying for your usage as well as their own.

              Just because you are not sending spam or trying to hide behind them while hacking doesnt mean what you are doing is illegal. The act of using their resources without consent is.
              • Unsu...
                The ISP bandwidth thing is ridiculously implausible. Your not going to bump them up over their limit. You are not taking a significantly limited resource. (But I'll grudgingly concede that there is a ridiculously small risk that you might be the one to bump someone over the limit. But consider the fact that your taking a much bigger risk when you drive, as you might do more than bump someone over their bandwidth, you migh bump someone off the road no matter how safe a driver you are, and kill them! So is driving immoral unless you absolutely NEED to do it?)

                Dictionaries don't make good ethics manuals. If some type of "theft" can be done without hurting anyone, even if it has to be considered as some very remote side-effect of your actions, as it would apparently be in this case, if there was any such chance of harmful side-effect at all, which seems unlikely, then it simply would mean that it is indeed possible to comit theft without breaching any reasonable ethical standards. Nothing new really, "theft" has always been toyed with by ethicists as something usually considered unethical but in which you can come up with scenarios in which it is in fact ethical--even situations in which it is the only ethical action to take. This is just another obvious one of those scenerios if ethical theft, or atleast amoral theft, if you insist on considering borrowing a little bit of bandwidth "theft". Just because it has the same name as some usually unethical act does not make it an unethical act. Saying it's immoral because you can call it "theft" is a rather unsophisticated argument that might convince a middle school student.

                Try again.
                • Unsu...
                  Oh yeah, and just surfing the internet is not likely to have a significant, i.e. noticeable, enough effect to make your actions have any ethical bearing unless they are on a dial-up, which isn't likely if they have Wi-Fi. Again, it's not a significantly limited resource to have ethical implications. It's like saying waliking into someone's yard to knock on their door to ask them to sign a petition is unethical because you are taking their air, or because your impercebitbly wearing down the pathway to the door.

                  Like I said, your hard pressed to come up with a good argument to make this an unethical act. Try again...
                  • This is the maximum depth. Additional responses will not be threaded.
                    The easiest way to put it then since you want to try and argue somantics to justify actions...

                    Did you ask the person if you could use his connection?

                    Did he say yes?

                    If you answered no to either or both of those questions then what you are doing is wrong and unethical.

                    The harder you try to defend the act of using the connection without permission, the more unethical your arguement becomes.

                    And as stated before, if Joe home user is not technically savy enough to secure his Wi-Fi connetion, your use of your knowledge to take "advantage" of that fact is in itself immoral and unethical.
                    • if the defacto reality was that most people secured thier wifi, then it would be a matter of taking advantage of someone if they forgot to.

                      if the defacto reality is that tons and tons of people don't (which it pretty much has been up to now, and in a lot of cases do so on pourpose) and most people who have a connection worth puttng a fucking wifi router on don't pay bandwith allotments, then i don't see an ethical issue here.

                      have you ever been late for an appointment, trying to find the address, whip out your laptop, grap an open wifi link and check yahoo maps? is that unethical?

                      btw: property is fundamentally defined by it's boundries (care to argue this point?). even if this propery is land, and there are no fences (wifi w/ no encryption analogy), all it takes is putting up signs designating it as private property, and have a survey done, and john law is on your side. if you haven't done a survey of your property lines (vaguely possible w/ wifi coverage, but the overlaping real-world property boundries and the wifi boundries, among other issues, would shoot this all to hell) and don't put up signs indicating that it's private property, then mr j.l. is going to tell you that you don't have a leg to stand on. to wrap up, you have to let a potental violator know that there is something to violate for there to be a crime, or even ethical conundrum.

                      you know, it would be a lot easier from an legal, and even an ethical, point of view to make it illegal to have an unprotected wifi hotspot. how cool would that be? yeah!
                  • This is the maximum depth. Additional responses will not be threaded.
                    While you're at it perhaps you could siphon some of the gas from their car to help you along your way. There's nothing wrong with that. The car is parked on the street where anybody can get to it, and it's not like there's a lock on their gas cap. After all, you're not taking *all* of their gas, just knocking a few miles off their tank.

                    Maybe you could leave them a ten-sack as recompence?
                    • Unsu...
                      Dude, your not making ethical arguments. I wasn't arguing semantics, you were (I didn't mention the dicitonary, you did!), I was simply showing you that your argument based on semantics was meaningless. If you think my argument was a argument about semantics you need some serious training in evaluating arguments.

                      In no way is it like siphoning gas since gas is a significantly limited resource. Bandwidth is not a significantly limited resource, barring the remote possibility they are on a dial up and you aren't doing anything unusual. Equating it to something so obviously unlike the action in question is a sure sign of getting desperate for an argument.

                      The crux of an ethical question is "Are you hurting someone, including the possibility of putting them out economically, in any way?" And you have failed to show this is the case.

                      Whether you asked them or not doesn't have any bearing on that question.
                      • I dont know where you get Bandwidth isnt a limit resource...

                        Granted, many users dont hit their bandwidth ceiling each month. But some do.

                        Read the contracts, buried deep within them they have terms stating you are allotted x ammount of traffic per month and that if you exceed that, you are termed a high volume user and can either be disconnected or charged a surcharge for bandwidth in excess of that ammount.

                        And you are skirting the main ethical point.

                        Did Joe Home Owner say you could use his service that he pays for?

                        No? Then doing so is unethical, Period.

                        To answer your question, "are you hurting someone" - to a degree yes, you are using something they paid for without compensation adn without permission.

                        And they are forced to face any liability for your actions.

                        Ethics is whats right or wrong. Nowhere does it state someone has to be in peril for something to be unethical.

                        If you take something that is not yours, you are wrong. Its unethical.

                        The only one here not making logical arguements is you. Instead of addressing the base point, right or wrong, you are trying skew things by saying, I am not hurting him, so doesnt that make it ok? Answer, no, its still not ok.
                        • X
                          offline 19
                          I think that something which makes this a difficult subject is that a lot of people *intentionally* leave their wireless networks open, just like a lot of businesses and even some local governments do. So when you find a wide open wifi network, you think that you may have an invitation.

                          Several years ago, I had to worry about putting a blurb into the /etc/motd of every Unix server I worked with. "WARNING: This system is for use by authorized personnel only..." etc. People were breaking into systems and claiming that they didn't think that anyone minded, that they'd been told there was a hacking competition going on at that address, or something similar. We had to add those motd messages to eliminate such lame-sounding excuses. With a wide open wifi network, I think that one enters an area where the intent of the owner really IS ambiguous. I have left mine open for other people to use. I have used open WAPs a couple of times myself, and I didn't do so with the belief that I was bothering anyone, or doing anything which they'd mind. I have set up open access points for local government entities, which they intend for people to use freely, and I have more installs coming up. Free internet access for all is a very tempting agenda.

                          I think that Florida is just being anal. I don't think that change would stand up in a California court, and I will think it very silly if it stands up anywhere else.
                          • Good point and excellent example, but is there anyway to force a message to pop up when someone connects to your router? I can't seem to do it with my linksys, however it's not wireless.
                            • X
                              offline 19
                              There are tons of ways to keep people out of your wifi network.

                              Don't advertise your SSID, or make it something like "Private-keep_out."

                              Use WEP or WPA.

                              Limit access by MAC address.

                              And on & on & on.

                                Now doing what Mr. Flickenger demonstrates in the "wild" would be IMO fun but wrong. WPA looks to be the only decent way to lock people out. WEP might fool some but it sucks, I read somewhere (sorry no link) about a couple of fed's (FBI) who whacked WEP in under 3 min. And MAC shelters as shown by Mr. NoCat are pretty thin.

                                Ah, the times we live in =-)
                                • X
                                  offline 19
                                  WEP has some dumb weaknesses, but attacking it typically requires logging 2 GB of packets off the network before you can get anywhere. Not good enough to protect confidential information, no -- but definitely good enough to let people know that you aren't trying to attract random users. And that was the topic, people making mistakes about whether an access point is meant to be open, or was just set up by a very ignorant or careless person. WEP is more than enough to let people know that guests aren't welcome.
                      • The gas analogy was meant to be ironic. The ten-sack comment should have made that obvious for you. It was also a jab at you for declaring your battleground in ethics. You who loudly declare you sell drugs and take things without asking, both of which are widely regarded as illegal as well as unethical.
                        • Unsu...
                          Yes, ethics is the battleground when someone is claiming something is unethical. I never declared I sell drugs. It just so happens that I hav not had occasion to get into that line of bussiness. I just said that it is not unethical (in the case of a few kinds of drugs it maybe is, but not many.) Just because people in a society consider something wrong, does not mean there is a good reason for it. IN the 1930's about just as many people who today think it is wrong to sell drugs had the belief then that it was extremely immoral to have sexual relations with someone of a different race. There was no good reason behind it of course, just like there is no good reason that selling certain recreational drugs are wrong (for many illegal drugs there is absolutely 0 scientific studies showing any kind of significant harm. Pot, psilocybin mushrooms, or DMT for example.) or connecting to an open wi-fi network.

                          You just are asserting either arbitrarily or based on some sort of "conventional wisdom" that this thing is wrong. But neither conventional wisdom or arbitrary assertions are REASONS, which I could give better attempts than you did at REASONS why it might be immoral, but which failed to do at all. Sadly many people don't have very high standards when it comes to reasoning for ethical assertions, most of the time people find it adequate to make arbitrary assertions, or use "conventional wisdom". Some effects of this attitude can be seen in the disfigured faces of some women in Afghanistan after having acid thrown in there faces for being outside without a Burka--it was "conventional wisdom"in their culture that women should not show their faces--or some guy might go to jail for looking up mapquest on somebody's Wi-Fi connection in Florida.
  • This type of enforcement is something we will all have to become accustom to I fear. People who do not understand fully the technology will usally apply logic as to what is right and/or wrong with what they know. (i.e. They most likely used some logic like: "Hey if I left my car unlocked, with the keys in it and running, it would be illegal for someone to drive off with it and then bring it back without harm.")

    The goal *I think* is to try and bring people (companies) up to speed with net culture and the understanding that information networks do not have the same boundries and rules as the physical world.

    But that is just me... an I am often wrong... but my world has pretty flowers :)

Recent topics in "Linux Nerds Unite!!"