Chaz
observationist
Found this from XP news this morning. Almost a political discussion but I was hoping to let some people know about the possible ramifications of ot securing your wireless networks. I tend to keep my view of the criminals that do bad stuff on networks not the people that get used or attacked. The problem is if you start going after people that setup the network then somebody has to make a judgement call about what is considered a reasonable effort to secure the network.
Will the FBI Come After You if you Don't Secure your Wireless Network?
802.11 wireless networking technology has, in some ways, revolutionized the computer world. I remember setting up our first home network back in the mid-90s. It involved running Ethernet cables everywhere. Even today, wiring an existing structure is a tough job. We're in the process of moving to a new home and discovered first-hand that most professional "cable guys" are charging $80 or more per "drop" (Ethernet jack).
Then there are the locations to which it's just tough to run a cable - like the patio at the back end of the yard, or the living room with the twenty foot ceiling. Wireless is by far the solution of choice in those situations, or when you want to be able to roam all over the house with your laptop, without plugging and unplugging or trailing a long cable behind you.
However, as we've discussed here in the past, wireless presents some security problems. Buying that super add-on antenna for your wireless access point gives you a strong signal in the furthest reaches of the back yard - but it also makes it easier for your neighbors, or someone parked down the street, to pick up your signal and intercept your network communications or surf the Web on your dime. And even if you make sure your WAP's broadcast range isn't excessive, a determined "war driver" can extend his own portable computer's pickup range by using a directional antenna such as a Yagi. These are neither hard to come by nor expensive; you can even make one yourself out of a Pringles potato chip can or similar tubular structure.
Having somebody else use your bandwidth without your permission is annoying, and having them read your files could be troublesome, but the risk doesn't stop there. Wireless hackers could also use your computers as intermediaries to launch attacks on other systems, making it appear that you're the culprit. They could also visit child porn sites while connected to your network, or send messages related to criminal or even terrorist activities, which could be traced back to you. And that could result in the police or FBI showing up on your doorstep. Take a look at the real-life scenario described in a recent AnchorDesk column on ZDNet
Because of such possibilities, we've heard some in the industry and in government suggest that laws be passed requiring wireless networks to use encryption and other security measures, and fining folks who set up a wireless access point without doing so. The premise is that by having an open network, you "invite" the bad guys to use it for illegal purposes. In our opinions, it's a little like the ordinances in some cities making it illegal to leave your car unlocked. Of course, it's easier to hold the victims accountable for crimes than to catch the bad guys, since the victims are usually accessible and cooperative (at least, until they realize they're going to be fined as punishment for being burglarized).
The whole idea brings up visions of "net cops" out patrolling the streets with their wireless-equipped PDAs, intent on detecting all the wireless networks out there and busting those who don't have encryption enabled. Or will victims only be prosecuted if they report their networks being broken into, thus creating an atmosphere in which the bad guys can thrive, knowing their victims aren't going to report any security breaches (and will, in fact, probably do their best to cover up their own victimization)?
Now, we aren't suggesting that it's smart or desirable to operate a wireless network without taking all the security precautions available. That's just common sense, as is locking your car in these high-crime times. But are we blurring the lines between right and wrong when we make it a crime to leave your network unsecured, especially since many WAPs still come with security mechanisms turned off by default? Or does an unsecured network have such serious ramifications for the Internet community as a whole that it warrants imposing such responsibilities on the users of such networks? Let us know what you think, at [email protected].
