That is what is being reported as happening in Germany. Those crazy Germans. What kind of stupidity is that?

Do they also fine people for not locking their doors? After all, the same logic follows. If you leave your front door open, it could entice someone to steal, who would otherwise be stopped by a locked door. What’s next, the thought police?

[ZDNet]

Internet users in Germany, whose wireless networks are left password unprotected, can be fined up to 100 Euros, according to a recent ruling by Germany’s top criminal court.

The ruling is in response to a musician’s lawsuit against a user whose unprotected wireless network was used for downloading and sharing music over P2P.

Just how realistic is the ruling, from a security perspective? Is a wireless network protected by a weak password any different from one with no password security at all?

“Private users are obligated to check whether their wireless connection is adequately secured to the danger of unauthorized third parties abusing it to commit copyright violation,” the court said. Internet users can be fined up to euro 100 ($126) if a third party takes advantage of their unprotected WLAN connection.”

The ruling is not just missing the emphasis on the importance of strong passwords, but it also “doesn’t expect users to constantly update the security of their wireless networks”. Moreover, it’s not even building awareness of how the choice of encryption protocol can greatly slow down a potential attacker, in combination with a strong password.

With GPU-accelerated Wi-Fi password recovery speeds prone to increase over time, as well as the increasing availability of DIY cracking kits, emphasizing the use of strong passwords in combination with the right encryption protocol, next to basic MAC address filtering, is the right security awareness building approach.

The main problem with insecure wireless networks is the fact that malicious wardrivers can easily forward the responsibility for their activities to the owner of the unsecured wireless network.

For instance, in 2008:

It became evident that a group of Indian militants took unethical hacking courses, and once learning the basics of wardriving, used the insecure wireless network of a U.S. expatriate to send emails claiming responsibility for serial bombings that took place in July and September –

“Roaming around Mumbai with Wi-Fi detectors, the suspects looked for open Wi-Fi signals and programmed the e-mail messages to be sent from hacked wireless networks prior to the blasts, the Indian police said. The technique used by the militants is similar to “wardriving,” where hackers roam around to detect and access Wi-Fi networks with security weaknesses.”

The “wardriving police unit” is not a new concept. The first time I heard about it was in 2006, when the Douglas County Sheriff’s Department was considering scanning for insecure wireless networks and dropping off brochures with instructions on how to properly secure them.

Three years later, Mumbai’s police started implementing the practice, in response to the abuse of insecure wireless networks by Indian militants:

Additional Commissioner of Mumbai Police K Venktesan told Business Standard: “If the Wi-Fi connection in a particular place is not password protected or secured then the policemen accompanying the squad will have the authority to issue a notice to the owner of the connection directing him to secure it.” The police could issue a notice under section 149 of the Criminal Procedure Code (CrPC) to anyone found not securing their Wi-Fi connection and user may face criminal investigations.

It sounds as though there should be more investigation as to how “section 149 of the Criminal Procedure Code” ever became law. Those who enacted it should possibly be gathered up for a mental evaluation.

What kind of a world are we living in? This kind of thinking approaches that of those science fiction novels where there is no individual bad guy, but the society as a whole is corrupted, and the hero must get out or die to live in freedom.

Again in 2009, the Australian police also planned similar wardriving sessions:

The Queensland Police plans to conduct a ‘wardriving’ mission around select Queensland towns in an effort to educate its citizens to secure their wireless networks. When unsecured networks are found, the Queensland Police will pay a friendly visit to the household or small business, informing them of the risks they are exposing themselves to.

Although the problem with insecure wireless networks is often greatly underestimated, the big picture has to do with the fact that, when there are hundreds of thousands of password-unprotected wireless networks, this well-known fact allows malicious attackers to efficiently propagate wireless malware. Related studies done on the subject prove just how easy it is to execute such a malware campaign.

What do you think?

Does the “Wardriving police” concept have any future? Is your neighbor’s insecure wireless network setting up the foundations for a cybercrime-friendly infrastructure, or are there much more important issues to take care of first, before starting to drop off “Insecure Wireless Network Detected!” brochures?

No, the problem with all of this is that it shifts responsibility for the would-be law breakers onto the lawful users. It is a shirking of the duty of the institutions that are there to take care of the problem and brings everyone in Germany a step closer to the world of Big Brother.

The idea that the police should be tasked with such nonsense is more of the same logic that has given so many incursions into freedom with no increases in security. Let the police take care of committed crimes, not possible ones. This is not the time of Minority Report.

If the government is going to try to enforce this extreme paternalistic behavior, why not do something useful, and restrict wi-fi? It would make more sense to put more restrictions on the ability to obtain it, and using some form of registration process, where those wanting wi-fi would have to broadcast their own licensing information as part of the process would certainly put a crimp in some of those idiots’ style. Getting away from the idea that everyone needs a wireless data connection is where it should start.
