Forgot your password?
typodupeerror
Australia Security Wireless Networking

Queensland Police to Look For Unsecured WiFi Spots 255

Posted by samzenpus
from the going-down-under-cover dept.
OzPeter writes "As a part of National Consumer Fraud week, the Queensland Police are going war driving in order to identify insecure WiFi setups. From the press release: 'The War Driving Project involves police conducting proactive patrols of residential and commercial areas to identify unprotected connections. Police will follow this up with a letterbox drop in the targeted area with information on how to effectively secure your connection.' While some people may like having an open WiFi AP its interesting to see that the Police also feel that 'Having WEP encryption is like using a closed screen door as your sole means of security at home. The WPA or WPA2 security encryption is certainly what we would recommend as it offers a high degree of protection.'"
This discussion has been archived. No new comments can be posted.

Queensland Police to Look For Unsecured WiFi Spots

Comments Filter:
  • by zippo01 (688802) on Friday March 23, 2012 @01:59AM (#39448319)
  • by Aaron B Lingwood (1288412) on Friday March 23, 2012 @02:01AM (#39448325)
    Merely 15 years ago I was doing the exact same thing and have been, on umpteen occasions, questioned, detained, given a 'move on' notice or just generally harassed.
  • by mdm42 (244204) on Friday March 23, 2012 @02:03AM (#39448337) Homepage Journal

    I have an open Wifi setup. My attitude is that connectivity has become basic infrastructure, and all "lock it down" freaks have just bought into the agenda of ISPs who don't want us to share bandwidth to boost their own profits.

    If you're a guest in my home, you're welcome to use the bandwidth, along with the lights and water. Can you imagine visitig a friend only to be told, "Look, here's the PIN code to unlock the lights, and here's the key in case you want to wash your hands." Ridiculous. I accept that there's a risk of someone lurking in their car outside the property boundary to leech off my internet connection, but there's a risk of someone stealing water from my outside, unprotected taps, too. OTOH, if bandwidth were shared freely everywhere there'd be no need to sneak around "stealing" it, would there?

    It's the 21st Century, man. Get over it!

    • Re: (Score:3, Insightful)

      by Anonymous Coward

      I'd be more worried about an identity thief stealing data than a passerby leeching bandwidth. Easier to just wall it off. FWIW, we just post the password on the fridge, so our actual guests can use it if they want.

      • by hawkinspeter (831501) on Friday March 23, 2012 @03:28AM (#39448635)
        What I do is use a WPA2 network that all my devices use and an open network for guests to use that is firewalled from accessing the other network. That gives me the best of both worlds.

        My attitude is that if I'm out and about and want to get WIFI, I'd like other people to provide open guest networks, so it makes sense for me to provide one for other people to use.
        • Re: (Score:2, Funny)

          by Anonymous Coward
          My neighbor did this for about 2 weeks till they discovered that i use a lot more bandwidth then them. It took 3 months before it came up in conversation where he talked about some punk kid maxing out his internet pipe. I just smiled and agreed that those punk kids need to cut it out. :P Sure that can be easily fixed by limiting the guest network bandwidth but not every user or router allows/knows how to do this.

          it was nice though to use two separate networks for torrents.

    • by gl4ss (559668)

      I have an open Wifi setup. My attitude is that connectivity has become basic infrastructure, and all "lock it down" freaks have just bought into the agenda of ISPs who don't want us to share bandwidth to boost their own profits.

      that's the problem when the wide area wireless isp's and local cabled isp's are the same entity.

    • by Aaron B Lingwood (1288412) on Friday March 23, 2012 @02:35AM (#39448465)

      My attitude is that connectivity has become basic infrastructure

      I concur. I would like to see connections open everywhere with the option of limited surfing as Guest (should the host feel generous) or having to authenticate to my ISP (or the NBN or some central authority/network) through this random open connection, and have all usage billed to my account.

      • Re: (Score:2, Interesting)

        by Anonymous Coward

        Me too. And that's why I think what the Queensland police is doing is sort of OK. I don't want to use someone's Wifi if the they don't mean to leave it open. My stance is that an open network is open to everyone, practically, legally and morally, because it uses a public resource, advertises itself as open and in no way gives any indication that it is not meant to be open, even though that is trivially easy to do. People who don't want strangers on their Wifi should turn on encryption, and if that's what th

      • ... and have all usage billed to my account.

        I believe that the 802.11ai working group is working towards that goal.

      • I do like this idea, but I worry that it'll breed a whole new vector for phishing. Put up a wifi spot with a fake login page, and collect the accounts of "roaming wifi" users. Then use their airtime elsewhere, or worse-- make it seem like they've connected OK, but keep a MITM to sniff all their traffic.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Unfortunately the ISP cartel in Australia charge like wounded bulls and most (all?) plans are capped, so if your neighbour decides they like your connection you can burn your plan with ease.

      Guests in my home are also welcome to use my WiFi - let me type the password in for you.....In the same way I give them the spare key and travel pass.

    • by Errtu76 (776778)

      Exactly!

      Mine is encrypted though with 'acomplicatedpassword' which is very easy to type so I never get the odd looks I get whenever someone asks me for the passphrase.

    • by mvar (1386987) on Friday March 23, 2012 @03:48AM (#39448689)
      You should be more worried if someone uses your WiFi internet connection to do something illegal. Next moment the cops will be raiding your house, seizing all your hard drives for further examination, while you go through all the hell of the legal process attempting to prove that you are not an elephant. No thanks, if a guest wants to access my wifi he should ask for the password and take the extra 30 seconds needed to type it in.
      • by Anonymous Coward on Friday March 23, 2012 @06:02AM (#39449135)

        By everyone locking down their wifi you provide credibility to the claim that an IP equals a perpetrator.

        If I were to say, brute force your WPA2 using my graphics card, you would have a harder time making your case than if your wifi was open and it could have been anyone.

        I care more about protecting the innocent than persecuting criminals I guess.

      • Indeed. People seem to think that leaving it open will be sufficient defense -- either glossing over or ignoring the fact that their equipment will be seized under warrant well before the authorities start asking questions that might reveal this defense. Ultimately the lack of offending content will be what saves them - not the fact that their APs are open.

    • by im_thatoneguy (819432) on Friday March 23, 2012 @03:50AM (#39448693)

      I have an open Wifi setup. My attitude is that connectivity has become basic infrastructure, and all "lock it down" freaks have just bought into the agenda of ISPs who don't want us to share bandwidth to boost their own profits.

      Screw the ISP I don't want my cheap-ass neighbors slowing my Netflix down to a crawl while they download 10 seasons of some anime shit.

      If we all "had internet" and people stuck to HTTP web traffic I wouldn't care. But I've had roomates before--hell I have myself as a roomate and I know that my internet is not big enough for the both of me from time-to-time let alone neighbors.

      If I had a gig-e pipe they could be free to do as they please but I don't pay for my apartment building's electric bill, I pay for mine. And based on the fact that I can't even leave my laundry detergent on my little spot of shelf in my apartment building without it being used up in a couple weeks (and 2 loads of laundry from me) I know if they could secretly plug their water into my tap they would.

      If I'm playing TF2 I expect there to be 0 torrenting and streaming on my connection so that my pings stay reasonable. It's bad enough knowing if one of my computers found an 'interesting' RSS feed let alone having two moochie neighbors.

    • Re: (Score:2, Informative)

      by VortexCortex (1117377)

      I have an open Wifi setup

      I have a SSL Strip and other ARP Poisoning MITM Attacks. What's your home address?
      Do you ever buy anything online? Would you like any script-kiddie to see AND MANIPULATE everything you do online?

      Here's some advice for you ignorant folk who insist on leaving their WIFI insecure: Turn on WPA. This defeats ARP Poisoning via per client encryption keys. WAIT! Hold your uneducated retorts for just a second: Set the password to "Welcome" and the SSID to "Password is Welcome". You can stencil "Our WIFI p

    • by cmdr_tofu (826352)

      Not that i've rtfad or anything but i think isps in au and nz have metered charge systems. so if a neighbor uses your bw, you pay. They have every incentive to use your bw instead of their own (raising your bill).

      Here in usa, i have no security on my wifi either, but it only grants access to my lan. To use the internet, openvpn is required. I usually relax that for guests as i cannot support every client.

    • by eyenot (102141)

      I think you're right.

      The ISP model is based on net scarcity, isn't it? We're talking about the internet, something which many people today might just take for granted in that it has not always existed.

      The relative scarcity of ways to get online was, at one point in time, a profitable market. You could take advantage of that scarcity and charge people to get online.

      But it's a corrupted and oppressed market, much like the diamond trade. Consider the whole DSL thing. The phone companies didn't win the war agai

    • by Dcnjoe60 (682885)

      A guest in your home is fine. Of course, even with WPA2, as a guest you can give them the password. Then again, you take responsibility for a guest in your home. What if your neighbor's kid uses your intentionally free access to do something illegal, like child porn. Are you not then contributing to the activity? In addition, the authorities are going to come after you, because it is your IP address they will have.

      Now one may argue that they were not a party to the activity, just like an ISP is not a p

  • Accountability (Score:5, Insightful)

    by rwa2 (4391) * on Friday March 23, 2012 @02:06AM (#39448347) Homepage Journal

    Plus, it's easier for them to book you for thought crimes they catch you committing via their IP taps. They'll have none of that "but my wifi is open -- it could have been anyone" defense. That won't work for you, sir, you'll be held accountable for whatever flows through your pipes!

    • Including Simpsons porn [qt.com.au]
    • by houghi (78078)

      And good for them. They will also warn if you have left your car door unlocked and motor running. At that moment you should not claim that your car was stolen and used in a robbery. Well, you could, but would have a LOT of explaining to do.

      OTOH the majority of people will have absolutely no clue that their Wifi is open and will be grateful that they were warned.

    • by johnjones (14274) on Friday March 23, 2012 @02:35AM (#39448467) Homepage Journal

      thats exactly it !

      realistically hacking a wpa setup by a person with no experience is pretty unsecured
      (do you really want to know how many people have password1 or changeme...)

      have a look at this:

      http://open.youyuxi.com/

      australia is censored beyond what I certainly expected...

      regards

      John Jones

  • Google (Score:5, Interesting)

    by Aaron B Lingwood (1288412) on Friday March 23, 2012 @02:09AM (#39448353)
    Doesn't google already have this data?

    This looks like a money grab from this years' budget

    The QPS is always complaining that they do not have enough funding to pay their staff. Now they are wasting precious manhours to mine data that they could easily purchase (or even receive for free) from Google.

  • by V!NCENT (1105021) on Friday March 23, 2012 @02:10AM (#39448359)

    Finaly an actual initiative to protect and serve the people! A little faith in government restored.

  • by Anonymous Coward on Friday March 23, 2012 @02:15AM (#39448379)

    NSW police may be interested in my wifi ssid "Police_Surveillance_Van_71A"

  • Possible Abuse (Score:4, Interesting)

    by Aaron B Lingwood (1288412) on Friday March 23, 2012 @02:26AM (#39448413)

    I find it odd that QPS Media has failed to supply the public with any technical information on what tools they are using and the scope of the exercise
    Are they simply searching for wireless networks? Or going as far as trying default passwords?
    Are they geocaching MAC Addresses and SSIDs that will be used in other investigations?
    Are they sniffing traffic? Are they collecting any personally identifiable information?

    While this is a nice service, I do think this does not fall under the purview of the state police
    If this is simply a SIGINT operation in disguise, it is better left to the DSD or ASIO
    If this is simply a community service, the state governement should use grants to coerce the industry to extend their voluntary code of practice so that ISP's are responsible for making their customers aware of the risks as part of the signup process.

    • by AHuxley (892839)
      DSD/ASIO would be getting every packet in and out of Australia by default over any telco link.
      If your chatting with Africa, Asia or the Middle East- your on a list shared with the UK, NSA ect..
      As for sniffing traffic, they would do that as a drift net - all flagged p2p files, forums, chatrooms - going after the person and ip.
      MAC Addresses and SSIDs that will be used in other investigations would really be long term with unmarked vans/cars.
      It sounds like a simple tool that shows a pad lock or no padlock
    • While this is a nice service, I do think this does not fall under the purview of the state police

      Why not? The police are in the business of crime prevention as well as catching criminals.

      Breaking into someone's house and stealing their stuff is a crime. If you do it, the police will (hopefully) come after you and lock you up. The police also have programmes whereby they will tour the neighbourhoods and if they spot some bit of bad security they will knock on the door and tell you about it so you can fix it *before* someone takes advantage of it.

      Breaking into someone's network is a crime*. If you do

      • While this is a nice service, I do think this does not fall under the purview of the state police

        Why not?

        The Commonwealth Criminal Code completely covers all aspects of unauthorised access. Computer crime has always been a federal crime. The federal police have the experience and resources to deal with this. In the past, I had reported (read: attempted to report but was refused) several minor computer crimes that involved my network or my workplaces. Usually theft of services/data. The state police had ZERO understanding. I realise that QPS have, for almost a decade, really focused on strengthening their tech

      • by drsmithy (35869)

        On the other hand, I very much believe that it should _not_ be a crime to use an open network, because there is no reasonable way to know that it wasn't intended to be an open hotspot.

        By your logic, it's reasonable to assume anyone without a fence and locked door is inviting me in for dinner.

        • On the other hand, I very much believe that it should _not_ be a crime to use an open network, because there is no reasonable way to know that it wasn't intended to be an open hotspot.

          By your logic, it's reasonable to assume anyone without a fence and locked door is inviting me in for dinner.

          No. Public areas (parks, etc) are usually clearly marked as such - it is pretty easy to tell the deifference between a park and someone's unfenced garden.

          On the other hand, wifi has a flag in the protocol explicitly to tell you if it is public or private and there is no other sensible way to tell this. Unfortunately, access points that are accidentally left open will also be broadcasting an "I am a public hotspot" flag, even though the owner didn't intend to do this.

          As an example, if you go for a coffee i

          • by drsmithy (35869)

            Public areas (parks, etc) are usually clearly marked as such - it is pretty easy to tell the deifference between a park and someone's unfenced garden.

            It's pretty east to tell which wifi hotspots are setup for "public use" as well - assuming you're being honest with yourself.

            As an example, if you go for a coffee in "Bob's café" and you find an open access point called "bobs_wifi", are you to assume that this is intended to be used by the customers of the café, or should you assume that Bob lives a

            • As an example, if you go for a coffee in "Bob's café" and you find an open access point called "bobs_wifi", are you to assume that this is intended to be used by the customers of the café, or should you assume that Bob lives above the café and this is his personal wifi that has been set up incorrectly? (And yes, it's pretty common for cafés to provide free wifi in the form of an open access point and not even bother to advertise the fact).

              It would be _reasonable_ to assume it's only meant for customers. Just like it's _reasonable_ to assume those newspapers and magazines lying around are for customers and not random passers-by.

              Did you read what I wrote or did you just read the first few words and make the rest up? I never said anything about non-customers, the choices I offered were:
              1. it is intended to be used by customers of Bob's Caf'e
              2. it is Bob's personal wifi network that has been accidentally left open and no one except Bob himself should be using it

              I've never seen an ISP-provided wifi kit that didn't uniquely identify itself somehow. Usually with a MAC address, or something other random-but-unique number in the SSID.

              And yet I have. It is less common now, but it certainly used to happen a lot. Also, access points with the manufacturer's name and no uniqueness are still pretty common (Li

    • I find it odd that QPS Media has failed to supply the public with any technical information on what tools they are using and the scope of the exercise

      Also, why are they limiting themselves to wifi only? Unsecured trash cans, unsecured cable boxes, and cheap mailboxes can be another way for people to steal your data. And in bad neighborhoods, unsecured backyards, unsecured windows, and easy to break doors, are a boon for criminals. If they're going to have someone driving around inspecting security issues, they might has well give that person multiple things to look for -- to save on gas.

      • by Lumpy (12016)

        You have a fine here for having breakable glass windows. This encourages crime.

      • Also, why are they limiting themselves to wifi only? Unsecured trash cans, unsecured cable boxes, and cheap mailboxes can be another way for people to steal your data.

        This is one of the reasons I suspect this may be a SIGINT operation by the state police so they don't have to keep giving up jurisdiction or credit to the feds.

  • If anyone has a secure wi-fi spot, will the "I did not download that file, someone did by accessing my wi-fi" excuse remain valid?
    • If anyone has a secure wi-fi spot, will the "I did not download that file, someone did by accessing my wi-fi" excuse remain valid?

      If your WiFi is secured, then you don't need the defense because nobody will use your WiFi to download files.

      • by Aryden (1872756)

        If your WiFi is secured, then you don't need the defense because only those who really want to will use your WiFi to download files.

        FTFY

      • If anyone has a secure wi-fi spot, will the "I did not download that file, someone did by accessing my wi-fi" excuse remain valid?

        If your WiFi is secured, then you don't need the defense because nobody will use your WiFi to download files.

        If your WiFi is secured and someone, through luck or through skill, manages to identify with your AP and use your connection for nefarious deeds, you no longer have that defence. I always keep an open but isolated, bandwidth-limited channel. I use a secure channel for myself and my guests.

  • by anarkhos (209172) on Friday March 23, 2012 @03:10AM (#39448571)

    to pay for this crap

  • I mean, it's a fine and commendable effort & all, but it's just bound to go WOOOOSH!!! to most citizens anyway. In fact, that goes for many of the cops too, I'd bet. Just leaving a letter talking about a screen door isn't really going to cut it for people who just expect to plug in a device and have it work perfectly automagically.
  • by Lumpy (12016) on Friday March 23, 2012 @05:29AM (#39448989) Homepage

    All of them named Linksys, Dlink, Wireless, etc... and all to a single router that is connected to nothing at all.

    It significantly reduces the volume of idiot neighbors that do not configure their new wireless as many times they will connect to me instead.

    Works great, when I shut it off, I see no more default router names.

    It also screws with the wardrivers, I look at some of the maps every few months and see my location with a giant pile of AP names around my building.

  • by IGnatius T Foobar (4328) on Friday March 23, 2012 @09:56AM (#39451319) Homepage Journal
    The *proper* solution is to *accept* that some folks have open wifi, are ok with sharing their bandwidth, and therefore a consumer IP address is *not* to be admitted as evidence of a "crime" that has been committed using the public Internet.

FORTUNE'S FUN FACTS TO KNOW AND TELL: A black panther is really a leopard that has a solid black coat rather then a spotted one.

Working...