overview
corporate
hotspots
WISPs
community
mobiles
satellite
aircraft
municipal
theft

related
Guides:
Networks
& GII
Economy

related
Profiles:
the net in
Australia
cybercafes
Aust & NZ
telecoms
warchalking
dot-com &
telco bubble
|
theft
This page considers wireless internet theft (aka piggybacking
or LANjacking).
It covers -
It
supplements the broader discussion elsewhere on this site
regarding internet security and warchalking.
legal frameworks
Is unauthorised access to a wireless network legal? What
about piggybacking on someone's network to gain access
to the net? A US journalist huffed that people have been
arrested
for allegedly stealing something no one could see, hear,
or feel. That thing was valuable enough for victims
to press charges in both cases. But the arrests were
over something many consumers throw out their windows
every day: a Wi-Fi signal.
As noted in discussion elsewhere on this site regarding
wardriving and warchalking, observers have often argued
that merely identifying that a wireless network is unsecured
is not illegal. Some use the 'front door' analogy, where
it not an offence to identify that a door exists but unauthorised
entry breaches the law and facilitating wrongdoing by
alerting offenders that the door is unlocked may also
be a breach.
Most regimes regard unauthorised connection to and use
of a network as illegal.
That encompasses activities such as identifying what files
are held on particular servers or desktop machines, identifying
the topography of a LAN, copying (or modifying or deleting
files) and using the network for unauthorised communications
(including spam and stalking).
It is consistent with prohibitions on unauthorised physical
access to content, devices and networks, with legislation
for example identifying crimes such as theft of services.
In Australia there has been no definitive case law about
'theft of service' through unauthorised use of a network.
Observers note that there are specific prohibitions in
federal law.
The federal Cybercrime Act 2001 (CA)
for example amended the Criminal Code Act 1995
by identifying computer offences that "impair the
security, integrity and reliability of computer data and
electronic communications". The three major computer
offences are -
1) Unauthorised access, modification or impairment with
intent to commit a serious offence (with a maximum penalty
equal to the maximum penalty for that serious offence).
2) Unauthorised modification of data where the offender
is reckless as to whether the modification will impair
data (maximum penalty of 10 years in prison), covering
situations such as where a hacker unintentionally impairs
data in the course of unauthorised access to a computer
system.
3) Unauthorised impairment of electronic communications
(maximum penalty of 10 years in prison), including 'denial
of service' attacks'.
The
first offence centres on activity such as hacking a financial
institution's database to access credit card details with
the intention of using them to obtain money (ie intending
to commit a fraud offence).
The Act includes other computer offences -
1
Unauthorised access to, or modification of, restricted
data (maximum penalty of two years imprisonment)
2 Unauthorised impairment of data held on a computer
storage device, including removable storage (maximum
two years imprisonment)
3 Possession or control of data with intent to commit
a computer offence (maximum penalty three years imprisonment)
4 Producing, supplying or obtaining data with intent
to commit a computer offence (maximum penalty three
years imprisonment)
prosecutions
The 2004 conviction (in the US District Court for the
Western District of North Carolina) of Paul Timmins on
a single count of fraudulent and unauthorized Wi-Fi access
to a private corporate network is believed to be the first
wardriving conviction in the US. Legal specialists have
argued that there is potential liability under the US
federal Computer Fraud & Abuse Act, the Wiretap
Act and some state legislation.
The same year saw action under the US federal CAN-SPAM
Act against Nicholas Tombros,
who allegedly sent spam via insecure residential wireless
APs in Los Angeles.
Other jurisdictions have successfully prosecuted individuals/groups
for 'theft of service' or unauthorised access.
Canadian police for example prosecuted a man in November
2003 after checking his car for a traffic infraction and
discovering that he was naked from the waist down and
was viewing child pornography accessed via a residential
wireless hot spot. He was charged with theft of telecommunications
and possession, distribution and creation of child porn.
In March 2006 Ontario Provincial Police charged a man
under Section 326 of the Ontario Criminal Code (Theft
of Communications), alleging the man was "using his
lap top computer to steal a wireless Internet connection"
in Morrisburg.
In the UK Gregory Straszkiewicz is believed to be the
first person to be convicted, in 2005, of wireless 'piggybacking'
in breach of sections 125 and 126 of the Communications
Act 2003 (dishonestly obtaining an electronic communications
service). He was fined £500 and given a 12-month
conditional discharge, with confiscation of his laptop.
The prosecution in R v Straszkiewicz does not
appear to have relied on eavesdropping provisions in the
Computer Misuse Act, the basis of his initial
arrest.
In 2006 Singapore teenage 'bandwidth bandit' Garyl Tan
Jia Luo pleaded guilty under the Computer Misuse Act
to tapping into a neighbour's wireless network, in what
is claimed to be Singapore's prosecution for the offence.
What
of warchalking? As far as we are aware there have been
no successful Australian prosecutions for chalking, although
presumably there is some scope for action under damage
to public/private property (don't use waterproof paint
or carve a symbol on someone's fence or front door) or
even aiding a crime.
::
|
|