NY case underscores Wi-Fi privacy dangers

Apr 24, 2011 By CAROLYN THOMPSON , Associated Press
In this April 21, 2011 photo, Wi-Fi logos are shown on a computer screen search engine in Buffalo, N.Y. The poll conducted for the Wi-Fi Alliance, the industry group that promotes wireless technology standards, found that 32 percent of respondents acknowledged trying to access a Wi-Fi network that wasn’t theirs. An estimated 201 million households worldwide use Wi-Fi networks, according to the alliance. The same study, conducted by Wakefield Research, found that 40 percent said they would be more likely to trust someone with their house key than with their Wi-Fi network password. (AP Photo/David Duprey)

Lying on his family room floor with assault weapons trained on him, shouts of "pedophile!" and "pornographer!" stinging like his fresh cuts and bruises, the Buffalo homeowner didn't need long to figure out the reason for the early morning wake-up call from a swarm of federal agents.

That new wireless router. He'd gotten fed up trying to set a password. Someone must have used his Internet connection, he thought.

"We know who you are! You downloaded thousands of images at 11:30 last night," the man's lawyer, Barry Covert, recounted the agents saying. They referred to a screen name, "Doldrum."

"No, I didn't," he insisted. "Somebody else could have but I didn't do anything like that."

"You're a creep ... just admit it," they said.

say the case is a cautionary tale. Their advice: Password-protect your wireless router.

Plenty of others would agree. The Sarasota, Fla. man, for example, who got a similar visit from the FBI last year after someone on a boat docked in a marina outside his building used a potato chip can as an antenna to boost his wireless signal and download an astounding 10 million images of child porn, or the North Syracuse, N.Y., man who in December 2009 opened his door to police who'd been following an electronic trail of illegal videos and images. The man's neighbor pleaded guilty April 12.

For two hours that March morning in Buffalo, agents tapped away at the homeowner's , eventually taking it with them, along with his and his wife's iPads and iPhones.

Within three days, investigators determined the homeowner had been telling the truth: If someone was downloading child pornography through his , it wasn't him. About a week later, agents arrested a 25-year-old neighbor and charged him with distribution of child pornography. The case is pending in federal court.

It's unknown how often unsecured routers have brought legal trouble for subscribers. Besides the criminal investigations, the Internet is full of anecdotal accounts of people who've had to fight accusations of illegally downloading music or movies.

Whether you're guilty or not, "you look like the suspect," said Orin Kerr, a professor at George Washington University Law School, who said that's just one of many reasons to secure home routers.

Experts say the more savvy hackers can go beyond just connecting to the Internet on the host's dime and monitor Internet activity and steal passwords or other sensitive information.

A study released in February provides a sense of how often computer users rely on the generosity - or technological shortcomings - of their neighbors to gain Internet access.

The poll conducted for the Wi-Fi Alliance, the industry group that promotes wireless technology standards, found that among 1,054 Americans age 18 and older, 32 percent acknowledged trying to access a Wi-Fi network that wasn't theirs. An estimated 201 million households worldwide use Wi-Fi networks, according to the alliance.

The same study, conducted by Wakefield Research, found that 40 percent said they would be more likely to trust someone with their house key than with their Wi-Fi network password.

For some, though, leaving their wireless router open to outside use is a philosophical decision, a way of returning the favor for the times they've hopped on to someone else's network to check e-mail or download directions while away from home .

"I think it's convenient and polite to have an open Wi-Fi network," said Rebecca Jeschke, whose home signal is accessible to anyone within range.

"Public Wi-Fi is for the common good and I'm happy to participate in that - and lots of people are," said Jeschke, a spokeswoman for the Electronic Frontier Foundation, a San Francisco-based nonprofit that takes on cyberspace civil liberties issues.

Experts say wireless routers come with encryption software, but setting it up means a trip to the manual.

The government's Computer Emergency Readiness Team recommends home users make their networks invisible to others by disabling the identifier broadcasting function that allows wireless access points to announce their presence. It also advises users to replace any default network names or passwords, since those are widely known, and to keep an eye on the manufacturer's website for security patches or updates.

People who keep an open wireless router won't necessarily know when someone else is piggybacking on the signal, which usually reaches 300-400 feet, though a slower connection may be a clue.

For the Buffalo homeowner, who didn't want to be identified, the tip-off wasn't nearly as subtle.

It was 6:20 a.m. March 7 when he and his wife were awakened by the sound of someone breaking down their rear door. He threw a robe on and walked to the top of the stairs, looking down to see seven armed people with jackets bearing the initials I-C-E, which he didn't immediately know stood for Immigration and Customs Enforcement.

"They are screaming at him, 'Get down! Get down on the ground!' He's saying, 'Who are you? Who are you?'" Covert said.

"One of the agents runs up and basically throws him down the stairs, and he's got the cuts and bruises to show for it," said Covert, who said the homeowner plans no lawsuit. When he was allowed to get up, agents escorted him and watched as he used the bathroom and dressed.

The homeowner later got an apology from U.S. Attorney William Hochul and Immigration and Customs Enforcement Special Agent in Charge Lev Kubiak.

But this wasn't a case of officers rushing into the wrong house. Court filings show exactly what led them there and why.

On Feb. 11, an investigator with the Department of Homeland Security, which oversees cybersecurity enforcement, signed in to a peer-to-peer file sharing program from his office. After connecting with someone by the name of "Doldrum," the agent browsed through his shared files for videos and images and found images and videos depicting children engaged in sexual acts.

The agent identified the IP address, or unique identification number, of the router, then got the service provider to identify the subscriber.

Investigators could have taken an extra step before going inside the house and used a laptop or other device outside the home to see whether there was an unsecured signal. That alone wouldn't have exonerated the homeowner, but it would have raised the possibility that someone else was responsible for the downloads.

After a search of his devices proved the homeowner's innocence, investigators went back to the peer-to-peer software and looked at logs that showed what other IP addresses Doldrum had connected from. Two were associated with the State University of New York at Buffalo and accessed using a secure token that UB said was assigned to a student living in an apartment adjacent to the homeowner. Agents arrested John Luchetti March 17. He has pleaded not guilty to distribution of child pornography.

Luchetti is not charged with using his neighbor's Wi-Fi without permission. Whether it was illegal is up for debate.

"The question," said Kerr, "is whether it's unauthorized access and so you have to say, 'Is an open wireless point implicitly authorizing users or not?'

"We don't know," Kerr said. "The law prohibits unauthorized access and it's just not clear what's authorized with an open unsecured wireless."

In Germany, the country's top criminal court ruled last year that Internet users must secure their wireless connections to prevent others from illegally downloading data. The court said Internet users could be fined up to $126 if a third party takes advantage of their unprotected line, though it stopped short of holding the users responsible for illegal content downloaded by the third party.

The ruling came after a musician sued an Internet user whose wireless connection was used to download a song, which was then offered on an online file sharing network. The user was on vacation when the song was downloaded.

Explore further: FX says overnight ratings becoming meaningless

4 /5 (4 votes)
add to favorites email to friend print save as pdf

Related Stories

German court orders wireless passwords for all

May 12, 2010

(AP) -- Germany's top criminal court ruled Wednesday that Internet users need to secure their private wireless connections by password to prevent unauthorized people from using their Web access to illegally download data.

Netgear Launches A New Family Of Wireless-N Routers

Sep 29, 2008

Netgear today has announced a new family of Wireless-N networking solutions that will make it easy for anyone to upgrade their wireless home network to Wireless-N technology. This new technology supports the ...

Free Wi-Fi can hide security dangers

Aug 27, 2010

After someone sniffed out his password at a free Wi-Fi hotspot and successfully hacked his computer, Igor Mello stays home for the majority of his web use.

Is neighbor's Wi-Fi signal free for me to use?

Nov 11, 2009

Q. The other day, my Internet service went down as it does from time to time. But this particular time, I needed to check my e-mail for an important reply I was expecting. After some frustrating time passed, I happened to ...

Verizon gives free Wi-Fi to Internet customers

Jul 27, 2009

(AP) -- Verizon is giving some of its home broadband customers free access to thousands of Wi-Fi hotspots in airports and other public places, taking a page from competitors that already offer wireless Internet access.

Recommended for you

User comments : 19

Adjust slider to filter visible comments by rank

Display comments: newest first

ab3a
2.3 / 5 (6) Apr 24, 2011
So let's suppose a person 'secures' their router with WEP. Someone runs WEPCrack and breaks in. They download kiddie porn and then drive away.

How can a homeowners protect themselves from that?
MorituriMax
2.6 / 5 (9) Apr 24, 2011
So don't use WEP. Duh.
Nik_2213
4 / 5 (2) Apr 24, 2011
Sadly, WEP is no longer considered secure enough. You need WPA-PSK with a non-trivial pass-key...
And, yes, this probably means your prized router is obsolete. Sorry. At least they're not as expensive now. Good news is most '300-n' routers are back-compatible with 'b' and 'g' interfaces.
FWIW, I've just had to replace the wifi card in our oldest lap-top because it could not support WPA encryption. I could have switched the router to 'mixed mode', to support both WPA and WEP, but that would have been a last resort...
stealthc
1.8 / 5 (14) Apr 24, 2011
sorry but it wouldn't take long for me to snarf a password no matter what protocol is used. I know how to actually make such a device secure but I won't share it with anybody, I like unsecured networks it spares me from having to pay for internet access. Anyways, one can pose as the router using an aircard from ubquity (for example) and maybe load a few extra goodies into back track 4 (for example) and then wait for the user to connect and simply get him to volunteer the password. Honestly, we should just network these multiband wifi routers together and form a vast network not requiring exorbitant monthly subscription fees like we have now. Sure there are creepy pedophiles and stuff, but I do my duty and catch their information and hand them to the cops on a silver platter and guess what the cops do: Nothing. Anyways it doesn't matter what level of security you use on a router, use wpa2 for all I care I will still get your password by pretending to be your router.
Jotaf
5 / 5 (2) Apr 24, 2011
Thanks for the eye-opener Stealthc.

Guilt by association. Incredible.
PinkElephant
5 / 5 (6) Apr 24, 2011
What really gets me regarding the article above, is why in blazes they needed to send a bloody S.W.A.T. team, replete with assault rifles, to break down someone's door at 6:30 AM. Since when are alleged e-pedophiles automatically presumed to be armed and dangerous? And what's with throwing an unarmed guy in his own home down the stairs? Whatever happened to presumption of innocence, and Miranda rights? Whatever happened to "protect and serve"?

It's really too bad the guy decided not to sue. If they tried to pull that sort of shit with me, I'd take it all the way to the Supreme Court, ask for restitution of damages and for punitive fines, and make sure whoever authorized the operation (and whoever inflicted bodily harm on an unarmed civilian) never holds another law enforcement job ever again.
rynox
2.3 / 5 (3) Apr 24, 2011
Putting pedophiles in jail is putting a bandaid on a gushing wound. Pedophilia is a huge public health issue requiring more study.
nickd91
3 / 5 (2) Apr 24, 2011
You can also uncheck the "enable SSID broadcast" this will not show everyone your wireless router. Then use the "enable MAC Address Filtering". Then just add the MAC addresses of all your devices you want on your network.

Also it will be easier to disable the wireless broadcasting after adding all Devices.

Also make sure you change the password to a super strong password to edit the router.

If you have any questions please let me know at dvsd91@gmail.com. I am the Internet director for a medium sized business in San Diego, CA
DrSmallberries
4.2 / 5 (5) Apr 24, 2011
and if it's a minor downloading the porn? you gonna shoot me, SWAT team, when i defend my children against a home invasion? this country is worse than no country at all. happy easter, police state. get those crucifixion teams ready.
AlexCoe
1.9 / 5 (9) Apr 24, 2011
Pink Elephant, you have it SO RIGHT! The Police State at its finest. So much over use of force in a non-violent situation, but barricade yourself in somewhere, a true SWAT situation and they will stand around all day long. Or as LAPD did recently tear down your house piece by piece, because you shot one of them.
Security is only an illusion, you can only make it tougher to use, not impossible to gain access to anything. We often allow open access at work to one wifi (our secondary dsl line)connection when visitors are in house. Since we are a prepress house & service bureau, that's pretty often. It's easier for everyone to simply bootup and go rather than do all the log in and change of passwords and all. That could become an issue in and of itself, having to use onetime keys instead, for any "real" security.
This BS with the PD's kicking down the doors etc. for what is a non violent crime, isn't acceptable and we all need to speak out on that, before an innocent gets killed.
Au-Pu
1 / 5 (5) Apr 24, 2011
The simpler and cheaper solution is to give WiFi the flick.
And yes the authorities got it wrong, they should have checked more thoroughly. And yes he should sue.
BUT!
As far as paedophiles are concerned a good paedophile is a dead paedophile and I personally don't give a damn what they do to them or how they treat them.
PinkElephant
5 / 5 (3) Apr 24, 2011
I personally don't give a damn what they do to them or how they treat them
Until you're on the receiving end of that stick. It's in your own best interest to ensure that law and constitutional protections apply to all equally and fairly. So goes the Golden Rule.
Sean_W
2 / 5 (8) Apr 24, 2011
If someone is not keeping themselves up to date on what encryption protocols are best, what settings they need to be aware of and other computational minutiae they deserve to have their lives seriously harmed - maybe ruined - or be driven to suicide.

I don't know why they deserve this but that is the received wisdom of the society we have created. Ever wonder if we all have already lived and died and we are now in Hell?
epsi00
not rated yet Apr 25, 2011
If someone is not keeping themselves up to date on what encryption protocols are best, what settings they need to be aware of and other computational minutiae they deserve to have their lives seriously harmed - maybe ruined - or be driven to suicide.


Well one cannot be an expert in every field. Tell me, do you build your own furniture? Did you wire your home? Do you go to a doctor or do you treat yourself by reading what's out there on the web? Did you make your own car? One cannot simply wake up one morning and decide to become an expert plumber or network admin or whatever else one needs to become to solve a problem. That's not realistic. yes, a lot of things come with manuals but have you tried to fix your car by reading the manual?
frajo
5 / 5 (1) Apr 25, 2011
Sean_W's comment was applied sarcasm.
6_6
1 / 5 (5) Apr 25, 2011
I still have never heard any evidence supporting the claim that NY is the greatest city in the world, only always the contrary. And are these officers really that retarded they accept an IP address as the sole evidence of incrimination? absurd!!
Msean1941
not rated yet Apr 25, 2011
@6_6
NY State, not NY City. The city in question is Buffalo.
J-n
3 / 5 (2) Apr 25, 2011
Police abuse happens everywhere. 70yr old grandmothers being tased for asking a few questions. Disabled individuals being ripped from their wheelchairs. People's cars, homes, belongings being destroyed because of the suspicion of drugs.

Personal property and liberty are being destroyed because of the pressure that is placed on politicians by the large companies that own and operate our prisons.. and the sheeple who parrot their sentiments without considering the consequences, until their child is the one beaten for asking one too many questions during a traffic stop.
Mahal_Kita
1 / 5 (3) May 02, 2011
sorry but it wouldn't take long for me to snarf a password no matter what protocol is used.


Tiger Team ExoNet (.net)