Log onto an unsecured wireless LAN, go to jail.
August 1, 2002 9:07 AM Subscribe
Log onto an unsecured wireless LAN, go to jail. This frightening story involves a computer security expert doing a bit of war driving. The fact that he didn't access any of their files, and that they shut down the network instead of simply reading the manual on basic WEP security didn't stop them from claiming $5,000 in damages and bringing charges, with possible fines up to $250k and up to 5 years jail time.
This at the end of the Houston Chronicle story: County Attorney Mike Stafford said he will resume his investigation into whether the security breach was corrected as promptly as county officials learned of it and the origin of a pornographic picture found on the clerk's office server in March.
Could this be the motivation for such swift action on the county's part?
posted by poorhouse at 9:23 AM on August 1, 2002
Could this be the motivation for such swift action on the county's part?
posted by poorhouse at 9:23 AM on August 1, 2002
Here is the earlier article from March which talked about in the story linked to by mathowie.
It brings some more insight into some of the internal bickering going on about this security problem, including the accusation of Puffer posting a pornographic picture on the network. Sheesh.
posted by zsazsa at 9:29 AM on August 1, 2002
It brings some more insight into some of the internal bickering going on about this security problem, including the accusation of Puffer posting a pornographic picture on the network. Sheesh.
posted by zsazsa at 9:29 AM on August 1, 2002
i blame the tech industry. lies of omission. cellphones are radios, wireless networks are radios, kids build radios for 6th grade science projects, radio is a more than a half-century old technology and not a mystery to much of anybody (but the clueless masses). solution? criminalize radio reception. it's already been done in the cell spectrums - way back in the 1930's the radio spectrum (the "airwaves") was declared to be a public asset. at the onset of the cell "phone" boom industry lobbyists convinced congress to declare certain areas of that public asset off limits to the public which owns it. i can't beleive the morons who buy this "wireless technology" (like best buy) and then react with surprise and outrage when they find out anybody can listen in. i can't beleive the gall of the industry that sells the stuff knowing full well that there isn't a secure aspect about it and yet fail to explain this to buyers. i can't beleive the public stands still while long established rights are stripped away for the convenience of an industry which sticks it to thier customers so blatantly.
posted by quonsar at 9:52 AM on August 1, 2002
posted by quonsar at 9:52 AM on August 1, 2002
They're charging him in the March 8 "wardriving" incident, not the March 18 demonstration to the officials. It also sounds like there's a subtext here of him possibly trolling for business as a "security analyst" -- which may have their hackles raised, considering their prior work relationship.
There isn't enough detail to show what was done on March 8, though the picture business indicates they suspect it was a serious intrusion.
I want to defend ethical hacking as much as anyone; it's probably not wise to treat it as a business opportunity. Nor is it wise to discourage people coming forward by throwing the book at them, though.
posted by dhartung at 10:03 AM on August 1, 2002
There isn't enough detail to show what was done on March 8, though the picture business indicates they suspect it was a serious intrusion.
I want to defend ethical hacking as much as anyone; it's probably not wise to treat it as a business opportunity. Nor is it wise to discourage people coming forward by throwing the book at them, though.
posted by dhartung at 10:03 AM on August 1, 2002
why isn't it wise? If someone can get in they can get in. Period. If you are a biz that uses wireless without tight ethernet MAC-ACL security _plus_ passwords _plus_ crypto on the traffic you are asking for it just like you would be if you put a terminal on the street for public use. These businesses are practicing an irresponsible policy that could harm the public (ie secret records stolen, financial systems compromised, etc.)
No one would be saying the same thing if they left their doors unlocked and propped open over the weekend as SOP. In that case it would still be a crime to go into their offices, but everyone would blame them for being stupid enough to leave themselves so exposed.
posted by n9 at 12:05 PM on August 1, 2002
No one would be saying the same thing if they left their doors unlocked and propped open over the weekend as SOP. In that case it would still be a crime to go into their offices, but everyone would blame them for being stupid enough to leave themselves so exposed.
posted by n9 at 12:05 PM on August 1, 2002
...didn't stop them from claiming $5,000 in damages...
If I had evidence that someone had intruded on a network containing sensitive data, I would almost certainly shut that network down until I could plug the hole and ascertain what had been compromised and what hadn't. While I would hold myself responsible for the costs incurred of making the network secure again (something I should have done in the first place), I would hold the intruder responsible for the costs of ascertaining what had been compromised and what had not. The latter costs could easily surpass $5k.
If someone sneaks into my house and sodomizes my cat, I might take some responsibility for leaving the door unlocked, but they still gotta buy me a new cat
posted by joaquim at 12:10 PM on August 1, 2002
If I had evidence that someone had intruded on a network containing sensitive data, I would almost certainly shut that network down until I could plug the hole and ascertain what had been compromised and what hadn't. While I would hold myself responsible for the costs incurred of making the network secure again (something I should have done in the first place), I would hold the intruder responsible for the costs of ascertaining what had been compromised and what had not. The latter costs could easily surpass $5k.
If someone sneaks into my house and sodomizes my cat, I might take some responsibility for leaving the door unlocked, but they still gotta buy me a new cat
posted by joaquim at 12:10 PM on August 1, 2002
and what's wrong with the sodomized cat? he just walks a little funny, otherwise it's a perfectly good cat. what kind of heartless cruel person writes off a cat just because of a little sodomy? help fight this cruel practice by sending $20 to:
quonsar
society for the sheltering of sodomized cats
p o box 01379b
grand rapids mi 49525
posted by quonsar at 12:39 PM on August 1, 2002
quonsar
society for the sheltering of sodomized cats
p o box 01379b
grand rapids mi 49525
posted by quonsar at 12:39 PM on August 1, 2002
what kind of heartless cruel person writes off a cat just because of a little sodomy?
Q: What do you get when you cross an elephant with a cat?
A: A dead cat with a big hole in it.
posted by joaquim at 2:24 PM on August 1, 2002
Q: What do you get when you cross an elephant with a cat?
A: A dead cat with a big hole in it.
posted by joaquim at 2:24 PM on August 1, 2002
quonsar, this is exactly why I like living in Canada!
I got bored and bought myself a scanner (again) that does all kinds of bands not so long ago. Rules up here say that unless you protect your transmission in some manner, its open game (but you aren't allowed to use the information you gather for profit, or discuss the contents of the information you gather with other).
Now, if we could just convince the supreme court that they are wrong for rewriting the rules on 9-1c of our radio communication act (this specific rule outlaws decryption of Canadian services without permission - rewritten to include unauthorized foreign services) I think Canada would become a haven for tech security people (not that it isn't already)! :-)
posted by shepd at 2:32 PM on August 1, 2002
I got bored and bought myself a scanner (again) that does all kinds of bands not so long ago. Rules up here say that unless you protect your transmission in some manner, its open game (but you aren't allowed to use the information you gather for profit, or discuss the contents of the information you gather with other).
Now, if we could just convince the supreme court that they are wrong for rewriting the rules on 9-1c of our radio communication act (this specific rule outlaws decryption of Canadian services without permission - rewritten to include unauthorized foreign services) I think Canada would become a haven for tech security people (not that it isn't already)! :-)
posted by shepd at 2:32 PM on August 1, 2002
...but they still gotta buy me a new cat...
Or at least plug the holes in the old one.
Eeewwwwwww...
posted by mikewas at 11:42 AM on August 2, 2002
Or at least plug the holes in the old one.
Eeewwwwwww...
posted by mikewas at 11:42 AM on August 2, 2002
This thread has been archived and is closed to new comments
posted by mathowie at 9:09 AM on August 1, 2002