Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Wireless Networking Network

Nebraska Sheriff Wardriving, Sending Letters About Unsecured Wi-Fi 248

An anonymous reader sends this quote from JournalStar.com: "The Lancaster County Sheriff’s Office has seen an increase in scammers using unsecured Wi-Fi connections to steal identities and mask their crimes during the past six months, Sheriff Terry Wagner said. ... So deputies spent the past few weeks finding unsecure connections and sending 40 to 50 letters to let people know about the potential dangers of strangers accessing their network connections. 'You're just opening yourself up for a series of potential pitfalls,' Chief Deputy Jeff Bliemeister said. ... Bliemeister said only businesses like coffee shops that offer Internet connections to customers need unsecured Internet connections.
This discussion has been archived. No new comments can be posted.

Nebraska Sheriff Wardriving, Sending Letters About Unsecured Wi-Fi

Comments Filter:
  • by ackthpt ( 218170 ) on Friday September 28, 2012 @03:32PM (#41493385) Homepage Journal

    Applause!

    Much better than that goofball sheriff in Aridzona.

    • Re: (Score:2, Insightful)

      by mpoulton ( 689851 )

      Applause!

      Much better than that goofball sheriff in Aridzona.

      Those of us in Maricopa County can worry about our sheriff; the rest of the country can worry about theirs. It's a local elected office. I do not understand the national media attention.

      With that said, I do not support Arpaio or his policies and do not vote for him.

      • by IceNinjaNine ( 2026774 ) on Friday September 28, 2012 @03:54PM (#41493665)

        Those of us in Maricopa County can worry about our sheriff; the rest of the country can worry about theirs. It's a local elected office. I do not understand the national media attention.

        As a former Phoenix resident, I have to say maybe it's because of things like this [go.com] and this [wikipedia.org]?

        Sorry, but once you step over the line and nobody else is reigning it in, it becomes a federal problem.

      • by Hatta ( 162192 ) on Friday September 28, 2012 @04:06PM (#41493831) Journal

        Criminal behavior by public officials anywhere in the country affects everyone. The Feds need to make an example of Arpaio, lest his corrupting influence spread.

      • by pavon ( 30274 ) on Friday September 28, 2012 @04:26PM (#41494019)

        Those of us in Maricopa County can worry about our sheriff; the rest of the country can worry about theirs. It's a local elected office. I do not understand the national media attention.

        American citizens don't deserve to loose the fundamental constitutionally guaranteed rights when they travel through another county. Nor do prisoners deserve to be loose their (more limited) rights because they are transferred into your county. It's essential that his abuses get national media attention, so the rest of us can know to stay out of Maricopa county until you guys (or the feds) finally get around to doing something about it.

      • Re: (Score:3, Informative)

        by Larry_Dillon ( 20347 )

        Because I might drive through your lovely county some day.

      • I do not understand the national media attention.

        Please remember that Charlie Sheen, Lindsay Lohan, etc are also "worthy" of media attention. It's not like the bar is high. They're nutjobs and so is your sheriff, and it's all fair game for worldwide entertainment, whether the nut represents all spectators or not.

        It's just that people expect that kind of shit from drug-addled Hollywood types; that's a sort of baseline of entertainment. Maricopa county took it to the next step, beating Hollywood in two wa

      • Re: (Score:3, Insightful)

        by fm6 ( 162816 )

        Oh that's funny, It's OK for your local official to interfere with stuff that has nothing to do with his responsibilities or jurisdiction and that affect the whole country. But if the rest of us complain about it, we're the ones messing with a local official?

        I love the way right-wingers make idiots of themselves, and then when people notice it, they complain about the "national media". Take some fucking responsibility, dude.

      • by hey! ( 33014 ) on Friday September 28, 2012 @05:09PM (#41494539) Homepage Journal

        Those of us in Maricopa County can worry about our sheriff; the rest of the country can worry about theirs.

        Not when he started to investigate Obama's birth certificate. Arpaio is the one trying to put the Maricopa sheriff's office on the national stage, and when he does that the people who elected him have to take the criticism that provokes.

  • by ZorinLynx ( 31751 ) on Friday September 28, 2012 @03:33PM (#41493393) Homepage

    In a dense area you might pick up 15 different access points, 2-3 of them open. Unless they have sophisticated RF locating equipment the letters are just going to be out based on a best guess scenario.

    The only place I can see this working is suburbs with wide spacing between homes, or rural areas.

    • by wierd_w ( 1375923 ) on Friday September 28, 2012 @03:39PM (#41493455)

      2 deputies with directional antennas.

      If you can find warships that way, you can find wifi hotspots.

    • by taustin ( 171655 ) on Friday September 28, 2012 @03:39PM (#41493459) Homepage Journal

      You've never been to Nebraska, have you? Google says the population of Lincoln is about 260,000 total. There are apartment complexes in Los Angeles with nearly that many people. Houses have yards, there aren't many multi-story buildings (especially residential). The only "sophisticated RF locating equipment" is the number of bars on the signal idicator in the system tray in Windows, which will vary visible from one house to the next.

    • by ackthpt ( 218170 )

      How about some id on each wireless access point, which can be tracked through the service providers in the region? Doesn't sound unreasonable, particularly if law enforcement is provided with the necessary tools and training.

    • Re: (Score:3, Insightful)

      by JDG1980 ( 2438906 )

      In a dense area...

      We're talking about Nebraska here.

    • The only place I can see this working is suburbs with wide spacing between homes, or rural areas.

      Or Nebraska.

    • by slapout ( 93640 )

      If the SSID is broadcasting, "Smith" and the name on the mailbox is "Smith", you can probably take a guess about it.

      • If the SSID is broadcasting, "Smith" and the name on the mailbox is "Smith", you can probably take a guess about it.

        I think if you're a residential broadband customer, and your access point is wide open, the SSID is gonna be "Linksys" or other default name.

        • by rat7307 ( 218353 )
          "Cleetus, we got ourselves another member of that there 'Linksys' family, they sure are a big clan!"
    • Unless they're working with the ISPs to recover the address associated with the IPs. If this is simply advice being given out (in line with ISP advice anyway), and information isn't being stored or intercepted then fair enough in my book. Too many people end up in court giving it the "but I was hacked!" excuse when they had no password, or an astoundingly weak one, ignorance may be no ecuse but it's nice to see some proactive action in educating people.
  • However, the ISP's TOS forbids it. Nobody's going to break into the computer unless it has no password. But as I've gotten free wifi from unsecured hotspots, I see no reason not to repay by doing the same.

    • In some places you are legally responsible for what people do with your internet connection.
    • They don't need to break into your computer if you leave it unsecured, everything you are transmitting via wifi is open. Unless you never use wifi, I'd shoot for a dual band router if you are trying to help random people and leave some quality of service on that connection while you're at it. If they need internet so badly at that point they can always knock on your door and ask nicely.
      • That's what I do with mine - a hidden wpa2 network for private use and an unsecured public one (that only has internet access) for friends/neighbours/passer-bys to use. I hate the way people are trying to scare people away from altruistic behaviour - it's kind of like warning people against giving away free water in case someone drowns someone in it.
  • While I think this action is quite cool, I would argue that not even coffee shops and businesses like that need open wireless connections.
    They could just as well make the WPA2 key easy to remember and put it in some obvious place, enabling their clients to use encrypted connections and avoid all that Firesheep stuff as well.
    • Re: (Score:2, Interesting)

      by Anonymous Coward

      Um, firesheep works in that scenario.

      You're confusing L2 security with transport security for http traffic, very different things

    • We tried this where I work. You would think it would be easy. Just set a key and put a notice up with the key on it. Forget it. It was way beyond the ability of most of our visitors to input a simple key, just a simple pass phrase. After a week of people complaining, the boss decided we should go back to fully open guest wireless access.
      • Re: (Score:2, Funny)

        by Anonymous Coward

        set BSSID to: the password is McDonald's

        • by Nikker ( 749551 )
          Just wait till they type in as the password "the password is McDonald's", allow hilarity to ensue.
    • by fermion ( 181285 )
      I am not opposed to shops printing a code at the bottom of a receipt to get into the Wifi for a number of hours. If the WiFi is close, that is the only thing that makes sense. On the key is known, then anyone can use it and it might as well be open. Even the individual key is not going to stop snooping.

      Honestly, if I were going to snoop traffic, I would do it at a public place where the acces was open. People are crazy and wil do all sorts of confidential stuff over an open line. At home you feel safer

      • Re:unsecured wifi? (Score:5, Interesting)

        by DarwinSurvivor ( 1752106 ) on Friday September 28, 2012 @04:16PM (#41493913)

        On the key is known, then anyone can use it and it might as well be open. Even the individual key is not going to stop snooping.

        You obviously don't understand anything about wireless security. If a connection is open (no encryption), anyone (even those not connected to the router) can stniff EVERYTHING sent over the connection (barring https and the like). With a password, even if every person in the world knows the password, nobody can sniff anyone else's packets. The passwords intiates a transaction where the router and your computer set up their own sessions keys which are used to encrypt everything else. so even though everyone used the same password, everyone is using different encryption keys, so everyone is protected (at the wireless level at least).

        • That doesn't stop man in the middle attacks. If I know the password, I can run my own AP with the same SSID and password, and proxy all traffic through to the real AP, with whatever snooping of malicious transformations I care to implement.

          Actually solving the prolem requires public-key cryptographic verification of the access point. WPA-PSK just authenticates the users to the AP, not the other way around.
        • With a password, even if every person in the world knows the password, nobody can sniff anyone else's packets.

          I think that's not quite true for WPA. In the version where everyone knows the password, there are certain attacks possible once you know the password. That's why it's fine for home use where only trusted people get the password, but not say for company use where you can be sure that a hacker will find some idiot giving them or selling them the password.

    • Re:unsecured wifi? (Score:4, Insightful)

      by PTBarnum ( 233319 ) on Friday September 28, 2012 @03:55PM (#41493693)

      I thought that using a PSK still allowed people to decrypt your packets, as long as they knew the PSK and were able to capture the beginning of your session. So while having a PSK is slightly better than not having one, it doesn't really guarantee a secure connection.

      Does anyone make an easy-to-use 802.1x appliance for coffee shop type uses?

      • by MrKevvy ( 85565 )

        Only if you use a weak password. There's no known attacks against WPA other than dictionary and brute-force which will work on anything. It allows a 63-character password, so for all practical purposes a 63-character WPA password of random mixed-case letters, numbers and punctuation is unbreakable (currently.)

        WEP, of course, is cryptographically weak and crackable

        • Having a highly secure password does not help, if you give it out to everyone who walks into the store.

        • There's no known attacks against WPA other than dictionary and brute-force which will work on anything

          You mean, apart from known [wordpress.com] attacks [google.com]on WPS, which is commonly enabled on access points using WPA.

  • by Lashat ( 1041424 ) on Friday September 28, 2012 @03:39PM (#41493463)

    Other Law Enforcement please take note. Follow this model for other crime prevention and imporve your community.

    Thank You
    Taxpayers

  • What's with slashdot today? An earlier story gave a bogus link and this gives none at all. I tried to find it by googling wifi sheriff site:JournalStar.com but the story didn't come up. Is this for real?

  • so how is this any different than when people went ballistic over google's streetview cars logging wifi?

    Not that I'm saying there should be anything wrong with it in the first place, but why are the freaks that tried to go after google for doing this going to leave this guy alone? Looks like about the same thing to me.

    • Do you have evidence that the Sheriff's wardriving captured and stored packet information? Because the furor over Google doing it was precisely that: indiscriminate and promiscuous capture and storage of any packets in transit in any AP's footprint that they passed through. And then Google kept that information, even after being ordered to delete it.

      Tell me that a law-enforcement agency is sniffing and recording packet traffic and trolling for evidence of lawbreaking without formal suspicion or a wiretap co

    • by Hatta ( 162192 )

      It's not. People blew that way out of proportion. Transmissions on public spectrum can be recieved by anyone. People need to deal with it.

  • The University of Nebraska-Lincoln's general student wireless network (UNL-AIR) is wide open and unencrypted. The only form of security in place is a MAC access list. I'm pretty sure somebody wardriving around the campus (or "warsitting" in the middle of the damn student union) could collect all sorts of yummy private data from that network each and every day.

    So, will the University be getting a letter from the Lancaster sheriff? Probably not. Should they change it anyway? Hell yes.
  • Its a choice, not a law. The police needs to stick to enforcing the law, which is their job.

    • Police also walk around parking lots and point out cars whose doors aren't locked, and they drive around neighborhoods where nothing has happened - yet. Preventing crime isn't any less important than investigating it, and it seems that in this case they are trying more to point out the possibilities of crime than punish those who made a choice.

  • Utter Horse-shit! (Score:4, Interesting)

    by Penurious Penguin ( 2687307 ) on Friday September 28, 2012 @04:29PM (#41494057) Journal
    In my area DSL isn't available and FIOS or broadband is upward of $70. This affects me and many others who have difficulty with such prices. The act of intimidating people with open APs is ludicrous and shit-brained. A secured router with a unique user-ID, strong password, along with various options such as filters, availability-configurations, etc., is more secure than WEP with default settings. This sheriff should have a router fastened to his head until the microwaves loosen the rocks. I think the EFF elaborated [eff.org] on this topic quite well, also mentioning Schneier and his views on the subject [schneier.com].

    Sharing, especially of educational/informational resources is a good thing. Intimidating people into doing otherwise against their will is encouraging greed, inefficiency and paranoia.
    • by Jeng ( 926980 ) on Friday September 28, 2012 @04:40PM (#41494211)

      So the sheriff is trying to put a stop to cyber crimes and you oppose it because you like to leave an access point for neighbors?

      Why not give the password to the neighbors you want to allow on your network?

      • Why intimidate others into conforming to one (reasonably-disputed) perspective? If the sheriff had distributed passive, informative information, I would condone the effort, but disagree with the premise. Instead, intimidation was used without exploring other possibilities. The number of people committing serious "cyber"-crimes is too low to warrant this level of paranoia, especially when sporting a WEP-key does little to prevent it.

        We have all sorts of buzzards poking around in our personal data, whether
      • Footnote: If law-enforcement can wiretap me with the warm, affectionate assistance of the ISP and without a warrant, maybe my neighbors should be given a fair chance too! -- at least they are more likely to be employed in something other than whoring to the plutocracy and fucking over the serfs. I've had very few neighbors (if any) that have ever pulled a gun on a marijuana-smoker and stuffed them in a cage, or tazed someone because they were having a bad day. I also highly doubt most of my neighbors would
      • by Threni ( 635302 )

        > Why not give the password to the neighbors you want to allow on your network?

        He might want to let *anyone* onto the network. What's he going to do, paint his password on the front of his house?

        If he wants to let people use his internet connection, that's his business. And if that makes it harder for people to figure out who has done what online, tough shit! If you're serious about freedom you have to make difficult choices* like `what if me letting people use my house as a TOR exit node or free wifi

  • by DoofusOfDeath ( 636671 ) on Friday September 28, 2012 @04:34PM (#41494125)

    For someone up to no good, I'm not sure that securing WiFi is smart move.

    If someone has an open wifi, and something illegal (copyrighted content, kiddie porn, etc.) is downloaded via his IP, the person has plausible deniability that he himself did the downloading.

    If that persons has secured his WiFi with a password, then I would think he's more likely to get convicted.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      Except that Jammie Thomas already tried that defense in two separate jury trials, and lost both times. An open wifi does not give you plausible deniability.

    • If someone has an open wifi, and something illegal (copyrighted content, kiddie porn, etc.) is downloaded via his IP, the person has plausible deniability that he himself did the downloading.

      Obviously a prosecutor will hold that against you. If you are a person who knows about secure WiFi, passwords, and plausible deniability, then keeping an unprotected connection means you're up to no good.

  • by nilbog ( 732352 )

    Wow this is what we've been asking for all along - someone to educate everyone on securing their wifi. I think this is a good thing for police to spend their time doing. Serve and protect.

In the long run, every program becomes rococco, and then rubble. -- Alan Perlis

Working...