Stealing Wi-Fi - Is it a Victimless Crime? Is it a Crime?
A recent Time.com commentary suggests several things, all of which are food for thought for corporate IT security people. The writer confesses to the theft of Wi-Fi signals in his apartment. Though he acknowledges that what he did was illegal, unethical or both, he kept right on doing it.
This person is no monster. If he was willing to steal signals, a large group of others will as well. Apparently, it was easy - indeed, he seems to have had a choice between networks. He opted for those whose names apparently hadn't been changed (i.e., "default," "Netgear") over those that had. The owners of the networks who had changed the names were paying at least marginally more attention to security, and so it may have been somewhat more difficult to pilfer coverage from them.
Whether consumers steal Wi-Fi from each other isn't a direct concern to security staffs, but there are good reasons to carefully monitor this issue. An uninvited guest on a home network used for work clearly endangers all the data stored there, including files from the office. IT staffs also must be aware that a poorly protected home network is a red carpet into home corporate networks. Since IT staffs may have limited input into the steps taken in an employee's home network, they must assume that each is insecure and create barriers closer to the internal network.
There is a third, perhaps somewhat less common, potential problem. A recent story in the Guardian begins by pointing out how easy it is to find unprotected Wi-Fi. The danger is that settings can be changed to send people to sites that they do not intend to visit. A hacker potentially can change a domain name server setting and send a user to a fake site that installs keyword loggers or other malware.
Most people would intuitively assume that using somebody else's network is illegal. Not everyone shares that assumption, however. Indeed, this Ars Technica post takes a completely opposite viewpoint: The writer suggests that it is silly to think that such an activity is illegal. His point is that unsecured signals spilling into a person's home are fair game. He makes an analogy to a water sprinkler: If one person waters his or her lawn and some of the water crosses into another person's grass, that person isn't obligated to pay for it and certainly isn't stealing.
In any case, most people don't bother to deal with the ethical complexities of the issue, and "borrowing" Wi-Fi is common.
A recent blog post takes it a step further. The writer suggests that the person whose network is being used may be breaking the law, or at least the ISP's terms of service, by letting unauthorized people use the signal. Nobody is likely to get into much trouble over this, but it certainly shows how confusing and counter-intuitive the world of wireless home networking can be. IT and security staffs must keep this in mind as they help create security policies and authorize equipment.
Labels: Is it a Crime, Stealing Wi-Fi - Is it a Victimless Crime