New York Case Underscores Wi-Fi Privacy Dangers

[Michael Komorn]

New York case underscores Wi-Fi privacy dangers

 

Not medical marihuana but important information for all my brothers and sisters using this internet thing.

 

Carolyn Thompson / Associated Press

 

Buffalo, N.Y.— Lying on his family room floor with assaultweapons trained on him, shouts of "pedophile!" and"pornographer!" stinging like his fresh cuts and bruises, the Buffalohomeowner didn't need long to figure out the reason for the early morningwake-up call from a swarm of federal agents.

 

That new wirelessrouter. He'd gotten fed up trying to set a password. Someone must have used hisInternet connection, he thought.

 

"We know who youare! You downloaded thousands of images at 11:30 last night," the man'slawyer, Barry Covert, recounted the agents saying. They referred to a screenname, "Doldrum."

 

"No, Ididn't," he insisted. "Somebody else could have but I didn't doanything like that."

 

"You're a creep ...just admit it," they said.

 

Law enforcementofficials say the case is a cautionary tale. Their advice: Password-protectyour wireless router.

 

Plenty of others wouldagree. The Sarasota, Fla. man, for example, who got a similar visit from theFBI last year after someone on a boat docked in a marina outside his buildingused a potato chip can as an antenna to boost his wireless signal and downloadan astounding 10 million images of child porn, or the North Syracuse, N.Y., manwho in December 2009 opened his door to police who'd been following anelectronic trail of illegal videos and images. The man's neighbor pleadedguilty April 12.

 

For two hours that Marchmorning in Buffalo, agents tapped away at the homeowner's desktop computer,eventually taking it with them, along with his and his wife's iPads andiPhones.

 

Within three days,investigators determined the homeowner had been telling the truth: If someonewas downloading child pornography through his wireless signal, it wasn't him.About a week later, agents arrested a 25-year-old neighbor and charged him withdistribution of child pornography. The case is pending in federal court.

 

It's unknown how oftenunsecured routers have brought legal trouble for subscribers. Besides the criminalinvestigations, the Internet is full of anecdotal accounts of people who've hadto fight accusations of illegally downloading music or movies.

 

Whether you're guilty ornot, "you look like the suspect," said Orin Kerr, a professor atGeorge Washington University Law School, who said that's just one of manyreasons to secure home routers.

 

Experts say the moresavvy hackers can go beyond just connecting to the Internet on the host's dimeand monitor Internet activity and steal passwords or other sensitiveinformation.

 

A study released inFebruary provides a sense of how often computer users rely on the generosity —or technological shortcomings — of their neighbors to gain Internet access.

 

The poll conducted forthe Wi-Fi Alliance, the industry group that promotes wireless technologystandards, found that among 1,054 Americans age 18 and older, 32 percentacknowledged trying to access a Wi-Fi network that wasn't theirs. An estimated201 million households worldwide use Wi-Fi networks, according to the alliance.

 

The same study,conducted by Wakefield Research, found that 40 percent said they would be morelikely to trust someone with their house key than with their Wi-Fi networkpassword.

 

For some, though,leaving their wireless router open to outside use is a philosophical decision,a way of returning the favor for the times they've hopped on to someone else'snetwork to check e-mail or download directions while away from home .

 

"I think it'sconvenient and polite to have an open Wi-Fi network," said RebeccaJeschke, whose home signal is accessible to anyone within range.

 

"Public Wi-Fi isfor the common good and I'm happy to participate in that — and lots of peopleare," said Jeschke, a spokeswoman for the Electronic Frontier Foundation,a San Francisco-based nonprofit that takes on cyberspace civil libertiesissues.

 

Experts say wirelessrouters come with encryption software, but setting it up means a trip to themanual.

 

The government'sComputer Emergency Readiness Team recommends home users make their networksinvisible to others by disabling the identifier broadcasting function thatallows wireless access points to announce their presence. It also advises usersto replace any default network names or passwords, since those are widelyknown, and to keep an eye on the manufacturer's website for security patches orupdates.

 

People who keep an openwireless router won't necessarily know when someone else is piggybacking on thesignal, which usually reaches 300-400 feet, though a slower connection may be aclue.

 

For the Buffalohomeowner, who didn't want to be identified, the tip-off wasn't nearly assubtle.

 

It was 6:20 a.m. March 7when he and his wife were awakened by the sound of someone breaking down theirrear door. He threw a robe on and walked to the top of the stairs, looking downto see seven armed people with jackets bearing the initials I-C-E, which hedidn't immediately know stood for Immigration and Customs Enforcement.

 

"They are screamingat him, 'Get down! Get down on the ground!' He's saying, 'Who are you? Who areyou?'" Covert said.

 

"One of the agentsruns up and basically throws him down the stairs, and he's got the cuts andbruises to show for it," said Covert, who said the homeowner plans nolawsuit. When he was allowed to get up, agents escorted him and watched as heused the bathroom and dressed.

 

The homeowner later gotan apology from U.S. Attorney William Hochul and Immigration and CustomsEnforcement Special Agent in Charge Lev Kubiak.

 

But this wasn't a caseof officers rushing into the wrong house. Court filings show exactly what ledthem there and why.

 

On Feb. 11, aninvestigator with the Department of Homeland Security, which overseescybersecurity enforcement, signed in to a peer-to-peer file sharing programfrom his office. After connecting with someone by the name of"Doldrum," the agent browsed through his shared files for videos andimages and found images and videos depicting children engaged in sexual acts.

 

The agent identified theIP address, or unique identification number, of the router, then got theservice provider to identify the subscriber.

 

Investigators could havetaken an extra step before going inside the house and used a laptop or other deviceoutside the home to see whether there was an unsecured signal. That alonewouldn't have exonerated the homeowner, but it would have raised thepossibility that someone else was responsible for the downloads.

 

After a search of hisdevices proved the homeowner's innocence, investigators went back to thepeer-to-peer software and looked at logs that showed what other IP addressesDoldrum had connected from. Two were associated with the State University ofNew York at Buffalo and accessed using a secure token that UB said was assignedto a student living in an apartment adjacent to the homeowner. Agents arrestedJohn Luchetti March 17. He has pleaded not guilty to distribution of childpornography.

 

Luchetti is not chargedwith using his neighbor's Wi-Fi without permission. Whether it was illegal isup for debate.

 

"Thequestion," said Kerr, "is whether it's unauthorized access and so youhave to say, 'Is an open wireless point implicitly authorizing users or not?'

 

"We don'tknow," Kerr said. "The law prohibits unauthorized access and it'sjust not clear what's authorized with an open unsecured wireless."

 

In Germany, thecountry's top criminal court ruled last year that Internet users must securetheir wireless connections to prevent others from illegally downloading data.The court said Internet users could be fined up to $126 if a third party takesadvantage of their unprotected line, though it stopped short of holding theusers responsible for illegal content downloaded by the third party.

 

The ruling came after amusician sued an Internet user whose wireless connection was used to download asong, which was then offered on an online file sharing network. The user was onvacation when the song was downloaded.

 

 

From The Detroit News: http://detnews.com/article/20110425/BIZ04/104250364/New-York-case-underscores-Wi-Fi-privacy-dangers#ixzz1KdWou1Wy

 

 

Michael A. Komorn

 

Attorney and Counselor

 

Law Office of Michael A. Komorn

 

3000 Town Center, Suite, 1800

 

Southfield, MI 48075

 

800-656-3557 (Toll Free)

 

248-351-2200 (Office)

 

248-357-2550 (Phone)

 

248-351-2211 (Fax)

 

Email: michael@komornlaw.com

 

Website: www.komornlaw.com

 

Check out our Radio show:

 

http://www.blogtalkradio.com/planetgreentrees

 

NEW CALL IN NUMBER: (347) 326-9626

 

Live Every Wednesday 8-10:00p.m.

 

PLANET GREENTREES

 

w/ Attorney MichaelKomorn

 

 

The most relevant radio talk show for the Michigan MedicalMarijuana Community. PERIOD.

 

 

If you have a medical marihuana question or comment, pleaseemail them to me, or leave them on the forum for the MMMA, and I will try toanswer them live on the air.

 

 

http://www.blogtalkradio.com/planetgreentrees

 

PLANET GREENTREES Call-in Number: (347) 326-9626

 

Call-in Number: (347) 326-9626

 

Attorney MichaelKomorn’ practice specializes in Medical Marihuana representation. He is a boardmember with the Michigan Medical Marijuana Association (MMMA), a nonprofitpatient advocacy group with over 20,000 members, which advocates for medicalmarihuana patients, and caregiver rights. He is also an experienced defenseattorney successfully representing many wrongfully accused medical marihuanapatients and caregivers

 

[The Digital Nomad]

Good post, this is very real.

 

Call me a Wardriver, I can drive around and locate the beacons from your wifi router, as far as 300 meters if I use a hi-gain antenna (cheap - hawkingstech.com ). I can also do this with a plain laptop with its built in wifi card, no need for fancy gear to sit near your house.

 

I can be 'you' on the internet. All the traffic that comes to your wifi router, came from your ISP - your internet service provider. That is your name, address, billing info. And since the ISP can 'see' traffic to your router - all it knows is that all the porn went to your location - it could even report you for the child porn.

Wardrivers access wifi routers for various reasons - free internet for one. Not all are downloading kiddie porn, or hacking military servers. Either way - its on your dime and your name.

 

Not scared yet? If you failed to lock your wifi access, I bet you also failed to lock the wifi router admin page - they all have default access IPs like 192.168.72.1 and passwords like admin/admin, or admin/blank! Here I can snoop where you go, and create fake login pages - perhaps to your bank (just copy!) and I will set your router to direct you to my dirty DNS (domain name resolution) - where your Bank.com is really going to hackedbank.com - you will NEVER know.

 

I can also do a discovery on all the devices you have connected, I will likely view all the contents on all the devices - since you can't even lock down a wifi router, and you likely want to share files between devices. All your bases are belong to me.

 

tinkle me off? I can make your wifi router a peice of junk - I can do a 'brick and run' - thats where I upload bad firmware to your hardware and make it useless. You cannot even reflash the firmware, hence - its a brick now. This is how I will erase my tracks..

 

Read the owners manual, lock your wifi signal. Not everyone is a nice guy like me.

 

-DN